(54) Secure data management system

(57) The present invention provides a system to ensure security of data in a computer network system. A center certifies a public-key of user of the system and distributes a secret-key. A first system comprises the center in a network, an information provider and a plurality of users. The center identifies utilization status by requests of the secret-key. The data is encrypted by the secret-key and is stored and transferred, while the data to be stored and transferred is encrypted by a secret-key different from the secret-key for the transferred data. An original data label is added to the original data, and an edit label is added to the edited data, and the center does not store the data and stores only the original data label and the edit label. A second system comprises a center and an information provider in a network, and a plurality of users utilizing the network. The center stores the original data and editing scenario, and also the original data label, user label and edit label. The data is not transferred between the users, but data label encrypted by the public-key is transferred. In electronic commerce system, every data is distributed through a mediator in the network, data which is transferred from a maker to a user is encrypted by a secret-key for encryption, and data which is transferred from the user to the maker is encrypted by a secret-key for re-encryption.

Description

BACKGROUND OF THE INVENTION 



The present invention relates to a data management system for managing digital data, and in particular to a system, which can be effectively applied to copyright management of copyrighted data, electronic commerce and digital cash.

As more and more information is available, database systems wherein many computers, which independently have stored various data, are connected via communication lines to use the data mutually are becoming increasingly popular. Such database systems have so far been able to process only coded information containing a small amount of information which can be processed by conventional computers and at the most monochrome binary data such as facsimile information, failing to handle natural and moving pictures that include a substantially large amount of information.

Digital processing techniques for various electric signals are being developed, and efforts are being made to apply such techniques to those dynamic picture signals other than binary data which were processed as analog signals. Since the digitization of picture signals enables picture signals such as television signals to be handled by computers, people are viewing as a promising technique a "multimedia system" that can deal with both various data that can be processed by computers and picture data that is digitized picture signals.

Since picture data contains a significantly larger amount of information than character data or audio data, it cannot be stored, transmitted, or subjected to various processings by computers in its original form. Attempts have thus been made at compression/expansion of picture data, and some picture data compression/expansion standards have been prepared. These standards include the following common standards: the Joint Photographic Image Coding Experts Group (JPEG) standards for still pictures, the H.261 standards for video conferences, the Moving Picture Image Coding Experts Group 1 (MPEG1) standards for picture storage, and the MPEG2 standards for both existing television broadcasting and future high-definition television broadcasting. These techniques have enabled digital picture data to be processed in real-time.

Since analog data, which is conventionally popular, is degraded each time it is stored, copied, edited, and transmitted, little notice has been taken of the control of the copyright associated with these operations. Digital data, however, is not degraded after repeated storing, copying, editing, and transmission, so the control of the copyright associated with these operations is significant. There has been no adequate method for controlling the copyright for digital data; the copyright is managed based on the copyright law or relevant contracts. The copyright law simply establishes a compensation system for digital recording or equipment thereof.

A database not only has its contents referenced but is also used to effectively use data obtained through storing, copying, and editing, and it is possible to transfer edited data to a different user via on-line basis such as a communication line or via off-line basis using appropriate recording medium or to transfer it to the database to be registered as new data. Although conventional databases have dealt with only character data, databases in multimedia system contain audio and picture data that are inherently analog, in addition to databased character data.

Under these circumstances, the control of the copyright for data in databases is very important, but no copyright management means that is particularly applicable to secondary use such as copying, editing, and transmission has been completed.

While data communication using computers was carried out on a relatively small scale in the past, the computer communication system called "Internet" has shown rapid progress in the past several years, and it is now being developed to a system closer and familiar to everybody. The information used in communication of this Internet system has been initially limited to character information only, but, with the progress of technique, audio data and picture data are now used. At present, even electronic commerce data or digital cash data, for which reliability and confidentiality are important factors, are now being used in the Internet system.

Under such circumstances, it has become necessary to establish new techniques to ensure and guarantee security to keep confidentiality and reliability of the processed data and also of the case where it is necessary to charge and collect a fee.

In the information data, i.e. copyrighted data, for which fee is charged when utilizing such data, copyright is asserted in most cases, while there are information data such as personal mail, advertisement and propaganda data, etc., for which copyright is not positively asserted. For example, in case of a personal mail, for which copyright is not asserted, it is important to maintain privacy and to prevent falsification or forgery of the contents. Even in the data for advertisement and propaganda, which is usually not associated with assertion of copyright, damage or impairment may often occur due to falsification of the contents or business activities may be disturbed because of distribution of the data to the people other than those originally aimed or such trouble may be caused by false data.

As described above, it is essential in case of personal mail to stop falsification of contents, to prevent infringement of privacy and to exclude forgery. For the advertisement and propaganda data, it is necessary to prevent falsification of data contents, to restrict looking and to exclude forgery.

The prevention of infringement of privacy in the personal mail and the restriction of looking of the advertisement and propaganda data can be achieved by encryption of data. The prevention of forgery of the personal mail and the advertisement and propaganda data and the exclusion of falsification of the personal mail and the advertisement and propaganda data can be attained by confirmation (certification) of the sender or the transmitter of the data.

The Internet system is based on grass-roots concept and is a very fragile system as far as security of the system itself is concerned. Various systems for maintaining security of the Internet system have been proposed, and typical systems are PEM (Privacy Enhanced Mail) adopting hierarchical structure and PGP (Pretty Good Privacy) adopting horizontal distributed structure. These systems are effective to maintain confidentiality of data and to provide certification of the transmitting source, certification on non-falsification of the data, display of the first transmitter and control of public-key while it is not possible by these systems to restrict re-utilization of data including data editing.

PEM, adopting hierarchical structure, comprises the most upper-level authority called IPRA (Internet PCA Registration Authority), a next upper-level authority called PCA (Policy Certification Authority), and the most lower-level authorities called Organizational, Residential and Personal respectively. Upper-level certification authorities issue a public-key certificate with digital signature on the data such as name of the lower-level authority for public-key of the lower-level authority, thus guaranteeing validity of the public-key.

PGP, adopting horizontal distributed structure, has no entity to correspond to the certification authority of PEM, and a reliable third person guarantees validity of the public-key by issuing a public-key certificate with digital signature to the data such as name of the public-key. In this PGP, there is a method called electronic fingerprinting to easily confirm the public-key. By this method, the public-key is hashed by one-way hash function such as MD 5 (Message Digest 5), and 16-byte hash value is confirmed by voice.

When PEM is compared with PGP, there is no problem on the certifier in PEM, which adopts hierarchical structure, but this is not necessarily a commonly used system in the Internet System, which is based on grass-roots concept. On the other hand, PGP is a simplified system, which can be widely used. However, this cannot be utilized in case there is no reliable person to sign.

With recent development of computer network system, individual computers, used on stand-alone basis in the past, are connected together through the network system, and database system to commonly share the data is now propagated. Further, distributed object system has been proposed, in which application program or basic software called operating system as well as data is also commonly shared through the network.

In the distributed object system, both data and software are supplied by a server as an object, which comprises program and data. In the distributed object system, there are two systems, i.e. a system called object container, in which operating system, application program and data are provided by a server and data processing and data storage are performed by a user terminal unit, which is an ordinary computer, and a system called server object in which operating system, application program and data are provided by a server, and data processing is performed by a user terminal unit called network computer, while data storage is carried out by a server. The server object system is further developed to a system, in which data processing is also performed by the server, and the user terminal unit is provided only with input/output function, and the whole system functions as a single computer.

Another form of the network system called "license network" as rental network system, is considered. In this system, an enterprise providing network base such as communication lines also provides the systems other than communication lines such as fee charging system, security system, copyright management system, certification system, etc. And a service enterprise utilizes these services and carries out network business as if it is his own system.

SUMMARY OF THE INVENTION 

In the present application, the inventor proposes a data management system for protecting copyright of digital data, for maintaining security in electronic commerce data and keeping security for digital cash data in an ordinary computer network system, a distributed object system and a license network system.

A first aspect of the data management system of the present invention comprises a data management center on a network, an original copyright owner or an information provider and a plurality of users who use the network. The data management center certifies public-key of network users, distributes secret-key for data encryption corresponding to presentation of a user label, and identifies data utilization status by the request of the secret-key. The data is stored and transferred after having been encrypted using the secret-key, and the data is to be stored and transferred encrypted using a secret-key different from the secret-key for the data which has been transferred. An original data label is added to an original data, and an edit label is added to an edited data. The data management center does not store the data but stores only the original data label and the data relating to editing. A user label is used to request the secret-key, but electronic fingerprinting of the user label may be used instead.

The second aspect of the data management system comprises a data management center on a network, an original copyright owner or an information provider and a plurality of users utilizing the network. The data management center certifies the public-key of the network users, and stores the original data and the editing scenario, and further stores the user label, the original data label and edit label. The data is not transferred between the users and the data label encrypted by the public-key is transferred. For transfer and for request of utilization, the data label is used, while electronic fingerprinting of the data label may be used instead.

In electronic commerce system, every data is distributed through a mediator on a network, data which is transferred from a maker to a user is encrypted by a secret-key for encryption, and data which is transferred from the user to the maker is encrypted by a secret-key for re-encryption.

BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1A to Fig. 1D each represents a drawing for explaining labels;

Fig. 2A to Fig. 2D each represents a drawing for explaining label, data header and data body;

Fig. 3A to Fig. 3D each represents a drawing for explaining encryption of data and label;

Fig. 4A to Fig. 4G each represents a drawing for explaining encryption of data header and data body;

Fig. 5A to Fig. 5C each represents a drawing for explaining encryption of label, data header and data body;

Fig. 6A and Fig. 6B each represents a drawing for explaining encryption of object file;

Fig. 7 represents a conceptional structure of a data management system of a first embodiment of the present invention;

Fig. 8 represents a conceptional structure of a data management system of a second embodiment of the present invention;

Fig. 9 is to explain a technique to generate data from a plurality of data;

Fig. 10 represents a conceptional structure of a data management system of a third embodiment of the present invention;

Fig. 11 represents a conceptional structure of a data management system of a fourth embodiment of the present invention;

Fig. 12A and Fig. 12B each represents a conceptional structure of a data management system of a fifth embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 



To begin with the description of embodiments according to the present invention, from first embodiment to fifth embodiment, basic explanation for these embodiments are described hereinafter.

-Certifier-

In the present invention, it is necessary to have an entity, which certifies copyright owner of original copyrighted data, an information provider (IP) of the original copyrighted data, a user of the original copyrighted data and those who edit the original copyrighted data. There may be a single certifier or a plurality of certifiers. In case a plurality of certifiers are present, they can be virtually considered as a single entity by linking them with each other.

In this system, a set of public-key & private-key of each user and a secret-key different for each step of the use of the copyrighted data are used. Among these keys, the private-key is managed under responsibility of each user and corresponding public-key is performed digital signature by the certifier, so that the reliability is maintained. The public-key is controlled by a key management center generally called key library and is distributed at the request of the user, while it is possible to link a certifier having certifying function with the key management center or to make the certifier also have a function of the key management center.

-Crypt Key-

Brief description will be given on a key system and a digital signature system used in the invention.

Secret-key system is also called "common key system" because the same key is used for encryption and decryption. Because it is necessary to keep the key in secret, it is also called "secret-key system". Typical examples of encryption algorithm using secret-key are: DES (Data Encryption Standard) system of National Bureau of Standards, FEAL (Fast Encryption Algorithm) system of NTT, and MISTY system of Mitsubishi Electric Corp. In the embodiments described below, the secret-key is referred as "Ks".

In contrast, the public-key system is a cryptosystem using a public-key being made public and a private-key, which is maintained in secret to those other than the owner of the key. One key is used for encryption and the other key is used for decryption. Typical example is RSA public-key system. In the embodiments described below, the public-key is referred as "Kb", and the private-key is referred as "Kv".

Here, the operation to encrypt a data M as data material to a cryptogram Ck using a crypt key K is expressed as:

Ck = E (M, K)

and the operation to decrypt the cryptogram Ck to the data M using a crypt key K is expressed as:

M = D (Ck, K).

Digital signature is a technique applying the public-key system. In this system, a transfer source turns the data M to a hash value Hm by one-way hash function such as MD 5. Using a private-key Kv, the hash value Hm is encrypted to Chmkv and is transferred together with the data M to a transfer destination. The transfer destination decrypts the transferred encrypted hash value Chmkv to the hash value Hm using the public-key Kb and also turns the transferred data M to a hash value Hm' using the same one-way hash function. If Hm = Hm', it is judged that the transferred data is reliable. The hash value Hm obtained in this process can be uniquely obtained from the data M, and it is not possible to uniquely reproduce the data M from the hash value Hm.

In case the transfer source and the transfer destination can confirm each other, the reliability of the transfer data is maintained even when the hash value Hm is transferred without encrypting. This is called electronic fingerprinting and is used for simplified certification.
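The signature and fingerprint checks described above, written out in the page's notation (Hm, Hm', Chmkv, Kb, Kv) as an added example that is not part of the patent text. The toy RSA key, the sample messages and all function names are assumptions made for the illustration; textbook RSA without padding and MD5 are used only to mirror the description.

```python
import hashlib

# Constructed toy key pair (assumption, not from the page): two Mersenne primes.
# Textbook RSA without padding, far too weak for real use.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                                   # modulus, wider than a 128-bit MD5 value
E_PUB = 65537
D_PRIV = pow(E_PUB, -1, (P - 1) * (Q - 1))  # modular inverse (Python 3.8+)
KB = (E_PUB, N)     # public-key Kb
KV = (D_PRIV, N)    # private-key Kv


def hash_value(m: bytes) -> int:
    """Hm: MD5 of data M as an integer (MD5 because the page names it)."""
    return int.from_bytes(hashlib.md5(m).digest(), "big")


def sign(m: bytes, kv=KV) -> int:
    """Transfer source: Chmkv = E(Hm, Kv)."""
    exponent, modulus = kv
    return pow(hash_value(m), exponent, modulus)


def verify(m: bytes, chmkv: int, kb=KB) -> bool:
    """Transfer destination: Hm = D(Chmkv, Kb); accept only if Hm == Hm'."""
    exponent, modulus = kb
    hm = pow(chmkv, exponent, modulus)
    hm_prime = hash_value(m)
    return hm == hm_prime


def fingerprint(m: bytes) -> str:
    """Electronic fingerprint: the bare hash value, sent without encryption."""
    return hashlib.md5(m).hexdigest()


def fingerprint_ok(m: bytes, claimed: str) -> bool:
    """Compare the hash of the received data with the fingerprint presented."""
    return fingerprint(m) == claimed


def demo() -> dict:
    original = b"order #1: 10 units"        # constructed sample data M
    altered = b"order #1: 90 units"         # the same data changed in transit
    chmkv = sign(original)
    fp_confirmed = fingerprint(original)    # confirmed directly between the parties
    fp_in_band = fingerprint(altered)       # travelled with the data, replaced with it
    return {
        "signature_accepts_original": verify(original, chmkv),
        "signature_rejects_altered": not verify(altered, chmkv),
        "confirmed_fingerprint_rejects_altered":
            not fingerprint_ok(altered, fp_confirmed),
        "in_band_fingerprint_rejects_altered":
            not fingerprint_ok(altered, fp_in_band),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The last check comes out false: an unencrypted hash only vouches for the data when the two parties confirm it with each other, which is the condition the paragraph above places on electronic fingerprinting.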

-Use of Keys-

In the embodiments from first to fifth, encryption/decryption/re-encryption of data, storing inhibition of data, and storing of crypt keys are performed in devices other than those in a center. These operations are desirable to be operated by automatically working unique application program, by application program contained in data, or for attaining higher security by operating system. Higher security can be further attained by performing these processings using IC card or PC card.

-Charging-

To ensure to charge and collect a fee corresponding to the use of data, there are two methods: to charge a fee corresponding to the expected use prior to actual use, and to charge a fee corresponding to actual result of use after the use.

The method to charge a fee after the use can be implemented by metering bill payment in which the use results are recorded and the fee is charged by checking the record of use, or by card prepayment in which a card with an amount of purchase entered in advance on it is used to be subtracted by the entered amount corresponding to the actual use.

Further, the metering bill payment method is divided into two methods to install a recording unit on server side like charging for telephone calls and to install a recording unit on user terminal like charging electric fees.

The card prepayment method is divided into two methods in which prepayment is stored on server side as a credit card; and the prepayment is stored on user side as a prepaid card.

-Storing of Keys-

In first to fourth embodiments, based on user information presented by the user when the user registers utilization of the system, the data management center prepares a user label and transmits it to the user. The user stores the user label, and a user's public-key, a user's private-key and a public-key of the data management center which are used in the system, in the user's own device. The optimal place for this storage is an IC card or a PC card, while it is also possible to store in a data storage unit in the device. A manner of storing crypt keys by IC card or PC card can ensure the higher security than that of managing keys by operating system.

In the following, description will be given on a system to manage data copyrights, while there are digital data other than copyrighted data, requiring confidentiality, certainty and reliability of communication contents, dealing contents, etc. such as electronic commerce data or digital cash data, and the present invention can also be applied to these digital data.

In the network system using crypt key, an entity to store the crypt key and an entity to generate the crypt key are placed out of the network system and are utilized via the network system. In the embodiment described below, it is supposed that a single entity, i.e. data management center, serves as all of these entities.

-Label-

In the present invention, labels are used to protect copyright of the data and to execute data copyright. First, description will be given on the labels, referring to Figs. 1, 2 and 3.

In this system, a user label of the system user is used. On the user label, information of the label owner is described as shown in Fig. 1A. In case the label owner has the original copyright, information relating the original copyrighted data is added as shown in Fig. 1B. In case the copyrighted data is an edited copyrighted data obtained by editing the original copyrighted data, information relating to the data of original copyright, information of edit tool and editing data (editing scenario) are further added as shown in Fig. 1C. It is also possible to add the edit tool (editing program) instead of the edit tool information as shown in Fig. 1D.

Among these labels, the label where only information of the label owner as shown in Fig. 1A is described is referred as "user label", and the label with information relating copyrighted data as shown in Fig. 1B is referred as "copyright label", and the label with information of the editing scenario is referred as "edit label" as shown in Fig. 1C or Fig. 1D.

The user label is generated by the data management center according to the information of the user when the user joins the system. The copyright label is generated by the data management center when the author of the data presents the content to the data management center. The edit label is generated by the data management center, when the user who has edited the data presents the user label and the editing scenario to the data management center. These are transferred to each label owner and are stored at the data management center.

-Encrypting-

Figs. 2A, 2B and 2C each represents relationship between copyright label and copyrighted data.

In the copyright label and copyrighted data corresponding to the label, the copyright label is separated from header of the data as shown in Fig. 2A, or is integrated with header of the data as shown in Fig. 2B, or is bonded to the header as shown in Fig. 2C.

In case the copyright label is bonded to the header, it is possible to have extended label arrangement, in which a plurality of copyright labels are combined together as shown in Fig. 2D. In case where label is integrated as shown in Fig. 2B, if the copyright label becomes larger, label may not be accommodated in a single header which is limited in capacity. In the extended label arrangement by combining a plurality of labels as shown in Fig. 2D, if there are too many labels, it exceeds the limit of packet size on Internet, and this causes difficulty in distribution.

There is a case where the copyright label is encrypted and used as shown in Fig. 3A and a case where it is used without being encrypted as shown in Fig. 3B. In these figures, square framed portions show being encrypted. In case the copyright label is not encrypted, the data copyrighted is encrypted. Even in case where the copyright label is not encrypted, the copyright labels other than the finally added copyright label are encrypted in the extended label arrangement as shown in Fig. 2D and a multi-stage arrangement can be adopted, in which crypt key of the copyright labels added previously and encrypted is included in the copyright label added later as shown in Fig. 3C and Fig. 3D. By this arrangement, it is possible to confirm the content of the previously added copyright labels.

Data is encrypted and decrypted to protect the copyright, but encryption and decryption are tasks which apply much burden on computers. In case the data to be encrypted or decrypted is a text data mainly composed of characters, the burden of encryption and decryption is not so much, but in case the data to be encrypted or decrypted is audio data or picture data, especially moving picture data, the burden of encryption and decryption may be enormous. For this reason, even in case high speed crypt algorithm is used, as a special type computer such as super-parallel type super-computer is necessary rather than generally used personal computers, at present, it is not practical in software to encrypt or decrypt the data other than text data, i.e., moving picture data, in real-time by software.

Description will be given now on an arrangement of encryption and decryption of data referring to Figs. 4A, 4B, 4C, 4D, 4E, 4F and 4G. In these figures, square framed portions are the portions to be encrypted.

Fig. 4A shows a method to use cryption in principle. Only data body, overwhelmingly larger compared with a header portion, is encrypted, and the data header to be used to recognize the data is not encrypted. In this arrangement, the burden of encryption and decryption is very high.

In contrast, there is a method to encrypt the data header portion without encrypting the data body portion as shown in Fig. 4B. In this case, if the entire header is encrypted, the data cannot be recognized. Hence, a part of the header is not encrypted.

As a method to reduce the burden in the arrangement of Fig. 4A, only the forward portion of the data body can be encrypted as shown in Fig. 4C. In this arrangement, it is only a part of the data body which must be encrypted or decrypted, and the burden of encryption and decryption is extremely reduced.

Fig. 4D shows the case where the effect by the arrangement of Fig. 4C is increased more, and a plurality of encrypted portions of the data body are provided in the data body.

Fig. 4E shows a method called SKIP (Simple Key-management for Internet Protocols). Here, data body is encrypted, and a part of the header is encrypted, whereby crypt key for decrypting the data body is placed in the encrypted portion in the header. In this arrangement, it is extremely difficult to cryptanalyze because two pieces of cryption must be decrypted.

However, in case of the arrangement shown in Fig. 4E, the entire data body is encrypted, and the burden of encryption and decryption is very high as in the case of the arrangement shown in Fig. 4A. If the arrangement of Fig. 4E is combined together with the arrangement of Fig. 4C and only the forward portion of the data body is encrypted as shown in Fig. 4F, the burden of encryption and decryption is extremely reduced because it is necessary to encrypt or decrypt only a part of the data body.

In the arrangement of Fig. 4E, if a plurality of encrypted portions are provided in the data body as shown in Fig. 4G by combining with the arrangement of Fig. 4D, the effect is increased more.
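A sketch of the Fig. 4F arrangement, added here as an illustration and not taken from the patent: part of the header stays in clear, the crypt key for the body sits in an encrypted header portion, and only the forward portion of the body is encrypted. The byte layout, the marker value, the function names and the SHA-256 keystream standing in for a secret-key cipher such as DES are all assumptions; `readable_without_key` makes visible which bytes this arrangement leaves unprotected.

```python
import hashlib
import os
import struct

MAGIC = b"P4F1"                     # hypothetical format marker (assumption)
KEY_LEN = 16
HEADER_LEN = 4 + 8 + 4 + KEY_LEN    # marker, nonce, prefix length, wrapped key


def _keystream(key: bytes, label: bytes, n: int) -> bytes:
    """SHA-256 in counter mode; a stand-in for the page's secret-key ciphers."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + label + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(out[:n])


def crypt(data: bytes, key: bytes, label: bytes) -> bytes:
    """E and D are the same XOR operation for this stand-in cipher."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, label, len(data))))


def pack(data: bytes, header_key: bytes, prefix_len: int,
         body_key: bytes = None, nonce: bytes = None) -> bytes:
    """Build: clear header | encrypted header portion (body key) | body."""
    body_key = body_key or os.urandom(KEY_LEN)
    nonce = nonce or os.urandom(8)
    if len(body_key) != KEY_LEN or len(nonce) != 8:
        raise ValueError("body key must be 16 bytes and nonce 8 bytes")
    prefix_len = max(0, min(prefix_len, len(data)))
    clear_header = MAGIC + nonce + struct.pack(">I", prefix_len)
    wrapped_key = crypt(body_key, header_key, nonce + b"hdr")
    # Only the forward portion of the body is encrypted; the rest is copied as is.
    body = crypt(data[:prefix_len], body_key, nonce + b"body") + data[prefix_len:]
    return clear_header + wrapped_key + body


def _split(blob: bytes):
    """Parse the clear header and reject lengths that do not fit the package."""
    if len(blob) < HEADER_LEN or blob[:4] != MAGIC:
        raise ValueError("not a package in the assumed layout")
    nonce = blob[4:12]
    (prefix_len,) = struct.unpack(">I", blob[12:16])
    wrapped_key, body = blob[16:HEADER_LEN], blob[HEADER_LEN:]
    if prefix_len > len(body):
        raise ValueError("declared encrypted portion is longer than the body")
    return nonce, prefix_len, wrapped_key, body


def unpack(blob: bytes, header_key: bytes) -> bytes:
    """Two decryptions: first the body key from the header, then the prefix."""
    nonce, prefix_len, wrapped_key, body = _split(blob)
    body_key = crypt(wrapped_key, header_key, nonce + b"hdr")
    return crypt(body[:prefix_len], body_key, nonce + b"body") + body[prefix_len:]


def readable_without_key(blob: bytes) -> bytes:
    """The part of the original data that anyone holding the package can read."""
    _, prefix_len, _, body = _split(blob)
    return body[prefix_len:]


if __name__ == "__main__":
    sample = b"FRAME-0001|" + b"picture payload " * 4    # constructed sample data
    package = pack(sample, header_key=bytes(range(16)), prefix_len=16)
    print("round trip ok:", unpack(package, bytes(range(16))) == sample)
    print("bytes readable without key:", len(readable_without_key(package)))
```

The work saved is proportional to the bytes left in clear, so the length of the encrypted forward portion has to be chosen per data format such that the remainder is of no use on its own.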

Description regarding an encryption/decryption structure of data having general file form will be given referring to Figs. 5A, 5B and 5C. In these figures, square framed portions are to be encrypted.

Data having general file form consists of data body portion and data header portion, and further, copyright label connecting with or relating to, according to the present invention. Fig. 5A shows a method to use cryption in principle. Only data body is encrypted, and copyright label and data header are not encrypted, and similar to the arrangement of Fig. 4A, the burden of encryption and decryption is very high.

In contrast, there is a method to encrypt the data header portion without encrypting the data body portion as shown in Fig. 5B. In this case, if the entire header is encrypted, the data cannot be recognized. Hence, a part of the header is not encrypted. In this case, the copyright label also is not encrypted.

There is another method to encrypt the copyright label without encrypting the data body and data header portions as shown in Fig. 5C. In this case also, if the entire copyright label is encrypted, the relation to data which corresponds to the copyright label cannot be recognized. Hence, a part of the copyright label is not encrypted.

Further, there is a method of so-called object oriented programming performing various processings by using "object" integrated with data and program which handles data, instead of general form file consisting of data header and data body. The object has basic conceptual structure as shown in Fig. 6A. A storing portion called as "slot" in an envelope called as "instance" accommodates data called as "instance variable". The slot is surrounded by one or more of procedures called as "method" for referring, processing, binding and so on, and the instance variable can be referred to or operated only via "method". This function is called as "encapsulation". Instruction from outside to make the "method" refer to or operate the instance variable is called as "message".

This means, in another view, the instance variable which is impossible to be referred to or operated without through "method" is protected by the "method". Then, this can be used for encrypting the "method" and allowing the instance variable to be referred to or operated only by "message" which can decrypt the encrypted "method" as shown in Fig. 6B. In this case also, similarly to the case of data having general file form in Fig. 5C, since if entire "method" is encrypted, it is impossible to utilize "object", a part of the "method" is not encrypted. In Fig. 6B, square framed portion is encrypted.

35 

[1st Embodiment] 

Description will be given on a first embodiment
referring to Fig. 7.

To explain the principle, description is given first on
a case where the user transfers original copyrighted
data to the next user without editing it. The case where
the user edits the original copyrighted data will be
described later. Practically, the case where the original
copyrighted data is not edited is combined with the case
where the original copyrighted data is edited, and carried
out as explained in the third embodiment. In the system of
the present embodiment, secret-key and public-key &
private-key are used. Therefore, an entity to manage
public-key and an entity to generate secret-key may be
linked to or included in the data management center.

(1) An original author (data owner) A presents an
original copyright label L0 and requests the data
management center Cd to distribute an original
secret-key Ks0. The original author may transfer or
deposit the original copyrighted data to an information
provider (IP) or to database so that the information
provider or the database can play a role of the
original author. It is also possible that the original
author A stores the original secret-key Ks0 and
encrypts the original copyrighted data M0 without
depending on the data management center Cd,
while the original secret-key Ks0 must be stored at
the data management center Cd to utilize the original
copyrighted data M0 by the user (data user).

(2) When the distribution of the original secret-key
Ks0 is requested, the data management center Cd
encrypts the original secret-key Ks0 corresponding
to the original copyright label L0 using a public-key
Kba of the original author A:

Cks0kba = E (Ks0, Kba)

and distributes the encrypted original secret-key
Cks0kba together with the original copyright label
L0 to the original author A.

Hereafter, each secret-key is encrypted by the
public-key of its distribution destination so that it can
be decrypted only by that destination.

In this case, the data management center Cd
performs one-way hash on the original copyright
label L0 using an algorithm such as MD5 and prepares
an original copyright label fingerprint F0, e.g.
one having 16-byte data, and distributes it to the
original author A. Thereafter, this electronic fingerprint
is transferred together with the copyrighted
data.

(3) When the encrypted original secret-key
Cks0kba is distributed, the original author A
decrypts the encrypted original secret-key Cks0kba
using the private-key Kva of the original author A:

Ks0 = D (Cks0kba, Kva),

encrypts the original copyrighted data M0 using the
decrypted original secret-key Ks0:

Cm0ks0 = E (M0, Ks0),

and transfers the encrypted original copyrighted
data Cm0ks0, the original copyright label L0 and
the original copyright label fingerprint F0 to a first
user U1.

(4) When the encrypted original copyrighted data
Cm0ks0, the original copyright label L0 and the
original copyright label fingerprint F0 are transferred,
the first user U1 presents the original copyright
label L0, the original copyright label fingerprint
F0 and first user label Lu1, and requests the data
management center Cd to distribute the original
secret-key Ks0 and a first secret-key Ks1.

(5) When requested to distribute the original secret-key
Ks0 and the first secret-key Ks1, the data management
center Cd confirms validity of the presented
original copyright label L0 by the original
copyright label fingerprint F0, and registers the first
user label Lu1. At the same time, the original
secret-key Ks0 corresponding to the original copyright
label L0 and the first secret-key Ks1 corresponding
to the first user label Lu1 are encrypted
using public-key Kb1 of the first user U1:

Cks0kb1 = E (Ks0, Kb1)

Cks1kb1 = E (Ks1, Kb1)

and the encrypted original secret-key Cks0kb1 and
the encrypted first secret-key Cks1kb1 are distributed
to the first user U1.

(6) When the encrypted original secret-key
Cks0kb1 and the encrypted first secret-key
Cks1kb1 are distributed, the first user U1 decrypts
the encrypted original secret-key Cks0kb1 and the
encrypted first secret-key Cks1kb1 using private-key
Kv1 of the first user U1:

Ks0 = D (Cks0kb1, Kv1)

Ks1 = D (Cks1kb1, Kv1).

Then, the encrypted original copyrighted data
Cm0ks0 is decrypted using the decrypted original
secret-key Ks0:

M0 = D (Cm0ks0, Ks0)

and the decrypted original copyrighted data M0 is
utilized.

In case the original copyrighted data M0 is
stored or copied, it is encrypted using the decrypted
first secret-key Ks1:

Cm0ks1 = E (M0, Ks1).

This is stored or copied as the encrypted original
copyrighted data Cm0ks1. In case the original copyrighted
data M0 is to be transferred to a second user (next data
user) U2, it is encrypted using the decrypted first
secret-key Ks1 and is transferred as the encrypted original
copyrighted data Cm0ks1, together with the original
copyright label L0, the original copyright label fingerprint
F0 and the first user label Lu1.

Each user may attach a digital signature to the user's
label to be presented to the data management center Cd,
the signature being the one-way hash value of the user's
label encrypted using the user's private-key.
Then, the data management center decrypts the
encrypted one-way hash value using the user's
public-key, calculates the one-way hash value of the
label and compares the two one-way hash values in
order to verify the validity of each user's label.

(7) When the encrypted original copyrighted data
Cm0ks1, the original copyright label L0, the original
copyright label fingerprint F0 and the first user label
Lu1 are transferred, the second user U2 presents
the original copyright label L0, the original copyright
label fingerprint F0, the first user label Lu1 and second
user label Lu2, and requests the data management
center Cd to distribute the first secret-key Ks1
and second secret-key Ks2.

(8) When requested to distribute the first secret-key
Ks1 and the second secret-key Ks2, the data management
center Cd confirms validity of the original
copyright label L0 and the first user label Lu1 by the
original copyright label fingerprint F0.

When it is confirmed that the first user label
Lu1 is valid, the data management center Cd registers
the second user label Lu2 and encrypts the first
secret-key Ks1 corresponding to the first user label
Lu1 and the second secret-key Ks2 corresponding
to the second user label Lu2 using public-key Kb2
of the second user U2:

Cks1kb2 = E (Ks1, Kb2)

Cks2kb2 = E (Ks2, Kb2)

and distributes the encrypted first secret-key Cks1kb2
and the encrypted second secret-key Cks2kb2 to the
second user U2.

(9) When the encrypted first secret-key Cks1kb2
and the encrypted second secret-key Cks2kb2 are
distributed, the second user U2 decrypts the
encrypted first secret-key Cks1kb2 and the
encrypted second secret-key Cks2kb2 using private-key
Kv2 of the second user U2:

Ks1 = D (Cks1kb2, Kv2)

Ks2 = D (Cks2kb2, Kv2),

decrypts the encrypted original copyrighted data
Cm0ks1 using the decrypted first secret-key Ks1:

M0 = D (Cm0ks1, Ks1)

and utilizes the decrypted original copyrighted data
M0.

In case the original copyrighted data M0 is to
be stored or copied, it is encrypted using the
decrypted second secret-key Ks2, and the
encrypted original copyrighted data Cm0ks2 is
stored or copied. In case the original copyrighted
data M0 is to be transferred to a third user U3, it is
encrypted using the decrypted second secret-key
Ks2, and the encrypted original copyrighted data
Cm0ks2 is transferred to the third user U3 together
with the original copyright label L0, the original
copyright label fingerprint F0, the first user label Lu1,
and the second user label Lu2.

(10) When the encrypted original copyrighted data
Cm0ks2 is transferred together with the original
copyright label L0, the original copyright label fingerprint
F0, the first user label Lu1 and the second
user label Lu2, the third user U3 presents the original
copyright label L0, the original copyright label
fingerprint F0, the first user label Lu1, the second
user label Lu2 and third user label Lu3, and
requests the data management center Cd to distribute
the second secret-key Ks2 and third secret-key
Ks3.

(11) When requested to distribute the second
secret-key Ks2 and the third secret-key Ks3, the
data management center Cd confirms whether the
original copyright label L0, the first user label Lu1
and the second user label Lu2 are valid or not,
using the original copyright label fingerprint F0.

When it is confirmed that the second user label
Lu2 is valid, the data management center Cd registers
the third user label Lu3 and encrypts the second
secret-key Ks2 corresponding to the second
user label Lu2 and third secret-key Ks3 corresponding
to the third user label Lu3 respectively
using public-key Kb3 of the third user U3:

Cks2kb3 = E (Ks2, Kb3)

Cks3kb3 = E (Ks3, Kb3).

Then, the encrypted second secret-key Cks2kb3 and
the encrypted third secret-key Cks3kb3 are distributed
to the third user U3.

(12) When the encrypted second secret-key
Cks2kb3 and the encrypted third secret-key
Cks3kb3 are distributed, the third user U3 decrypts
the encrypted second secret-key Cks2kb3 and the
encrypted third secret-key Cks3kb3 using private-key
Kv3 of the third user U3:

Ks2 = D (Cks2kb3, Kv3)

Ks3 = D (Cks3kb3, Kv3)

and decrypts the encrypted original copyrighted
data Cm0ks2 using the decrypted second secret-key
Ks2:

M0 = D (Cm0ks2, Ks2),

and thus utilizes the decrypted original copyrighted data
M0.

In case the original copyrighted data M0 is to be
stored or copied, it is encrypted using the decrypted
third secret-key Ks3, and the encrypted original
copyrighted data Cm0ks3 is stored or copied. In case the
original copyrighted data M0 is to be transferred to a
fourth user U4, it is encrypted using the decrypted third
secret-key Ks3, and encrypted original copyrighted data
Cm0ks3 is transferred to the fourth user U4 together
with the original copyright label L0, the first user label
Lu1, the second user label Lu2 and the third user label
Lu3.

Then, the same operation is repeated. 
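
The first embodiment's exchange, run end to end as an added Python example (not code from the patent): the center issues Ks0 to author A, then releases the previous and the new secret-key to each user after checking the original label against F0 and the digital signature on the user's label. The textbook-RSA and keystream stand-ins for E and D, the label strings, the registered-chain check and all function names are assumptions made for this example.

```python
import hashlib
import secrets

# Stand-in primitives (assumptions): the page leaves E and D unspecified, so
# textbook RSA over fixed Mersenne primes and a SHA-256 keystream XOR are used
# only to make the message flow executable. Neither is fit for real use.
M89, M107, M127 = 2**89 - 1, 2**107 - 1, 2**127 - 1

def keygen(p, q, e=65537):
    """Return (public-key Kb, private-key Kv), each an (exponent, modulus) pair."""
    return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)

def pk_apply(value, key):
    return pow(value, key[0], key[1])

def md5_int(label):
    return int.from_bytes(hashlib.md5(label).digest(), "big")

def wrap(ks, kb):      # Cks = E(Ks, Kb): secret-key encrypted for one recipient
    return pk_apply(int.from_bytes(ks, "big"), kb)

def unwrap(cks, kv):   # Ks = D(Cks, Kv)
    return pk_apply(cks, kv).to_bytes(16, "big")

def sign(label, kv):   # one-way hash of the label encrypted with the private-key
    return pk_apply(md5_int(label), kv)

def sym(data, ks):     # E(M, Ks) and D(Cm, Ks): XOR with a stream derived from Ks
    stream = b"".join(hashlib.sha256(ks + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


class Center:
    """Data management center Cd: holds labels, fingerprints and keys, never data."""

    def __init__(self, public_keys):
        self.kb = public_keys  # party -> public-key
        self.ks = {}           # label -> secret-key issued for that label
        self.f0 = {}           # original label L0 -> registered fingerprint F0
        self.chain = {}        # original label L0 -> user labels registered so far
        self.usage = []        # (user, label of decryption key, label of new key)

    def register_original(self, author, l0):
        self.f0[l0] = hashlib.md5(l0).digest()   # 16 bytes; MD5 as named on the page
        self.chain[l0] = []
        self.ks[l0] = secrets.token_bytes(16)    # Ks0
        return wrap(self.ks[l0], self.kb[author]), self.f0[l0]

    def request_keys(self, user, l0, f0, prior, lu, sig):
        # Check L0 against F0. Assumption: F0 must also equal the value the
        # center registered, so a recomputed hash over an altered label fails.
        if hashlib.md5(l0).digest() != f0 or self.f0.get(l0) != f0:
            raise PermissionError("original copyright label does not match F0")
        # Assumption: earlier user labels are valid only as the registered chain.
        if list(prior) != self.chain[l0]:
            raise PermissionError("user label chain is not registered")
        # Signature on the presented user label, checked with the public-key.
        if pk_apply(sig, self.kb[user]) != md5_int(lu):
            raise PermissionError("user label signature is invalid")
        prev = prior[-1] if prior else l0
        self.chain[l0].append(lu)
        self.ks[lu] = secrets.token_bytes(16)
        self.usage.append((user, prev, lu))
        return wrap(self.ks[prev], self.kb[user]), wrap(self.ks[lu], self.kb[user])


def run_chain():
    """Author A -> U1 -> U2 over constructed labels and data; returns what was seen."""
    keys = {"A": keygen(M127, M89), "U1": keygen(M127, M107), "U2": keygen(M107, M89)}
    kv = {name: pair[1] for name, pair in keys.items()}
    cd = Center({name: pair[0] for name, pair in keys.items()})
    l0, m0 = b"work=sample-0001;author=A", b"constructed original copyrighted data M0"
    lu1, lu2 = b"user=U1", b"user=U2"

    cks0kba, f0 = cd.register_original("A", l0)            # steps (1)-(2)
    cm0ks0 = sym(m0, unwrap(cks0kba, kv["A"]))             # step (3)

    c0, c1 = cd.request_keys("U1", l0, f0, [], lu1, sign(lu1, kv["U1"]))
    m_u1 = sym(cm0ks0, unwrap(c0, kv["U1"]))               # step (6): decrypt, use
    cm0ks1 = sym(m_u1, unwrap(c1, kv["U1"]))               # re-encrypt to store/transfer

    c1, _ = cd.request_keys("U2", l0, f0, [lu1], lu2, sign(lu2, kv["U2"]))
    m_u2 = sym(cm0ks1, unwrap(c1, kv["U2"]))               # step (9)

    attempts = {
        "altered L0": ("U2", l0 + b";author=U2", f0, [lu1, lu2], b"user=X", 0),
        "skipped Lu1": ("U2", l0, f0, [lu2], b"user=X", sign(b"user=X", kv["U2"])),
        "signed by U1": ("U2", l0, f0, [lu1, lu2], b"user=X", sign(b"user=X", kv["U1"])),
    }
    rejected = []
    for name, args in attempts.items():
        try:
            cd.request_keys(*args)
        except PermissionError:
            rejected.append(name)
    return {"m0": m0, "f0": f0, "m_u1": m_u1, "m_u2": m_u2,
            "stored": (cm0ks0, cm0ks1), "usage": cd.usage, "rejected": rejected}


if __name__ == "__main__":
    for field, value in run_chain().items():
        print(field, value)
```

The `usage` list is the record that lets the center identify utilization status from key requests alone, without ever holding M0. MD5 no longer resists collisions, so a present-day implementation would use a current hash function for the fingerprint and the label signature.
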
[2nd Embodiment] 

Description will be given on a second embodiment, 
in which the key used to encrypt the copyrighted data is 
sent separately from the key used for decrypting the 
copyrighted data, referring to Fig. 8. In the second 
embodiment, handling of keys, relationship between the 
original author, the information provider and the users 
as well as handling of labels are the same as in the first 
embodiment, and detailed description is not given here. 

(1) The original author A presents the original
copyright label L0 and requests the data management
center Cd to distribute original secret-key Ks0.

(2) When requested to distribute the original secret-key
Ks0, the data management center Cd prepares
an original copyright label fingerprint F0 from the
original copyright label L0, and encrypts the original
secret-key Ks0 corresponding to the original copyright
label L0 using public-key Kba of the original
author A:

Cks0kba = E (Ks0, Kba),

and distributes the encrypted original secret-key
Cks0kba together with the original copyright label
L0 to the original author A.

(3) When the encrypted original secret-key
Cks0kba is distributed, the original author A
decrypts the encrypted original secret-key Cks0kba
using private-key Kva of the original author A:

Ks0 = D (Cks0kba, Kva)

and encrypts the original copyrighted data M0
using the decrypted original secret-key Ks0:

Cm0ks0 = E (M0, Ks0).

Then, the encrypted original copyrighted data
Cm0ks0, the original copyright label L0 and the
original copyright label fingerprint F0 are transferred
to the first user U1.

(4) When the encrypted original copyrighted data
Cm0ks0, the original copyright label L0 and the
original copyright label fingerprint F0 are transferred,
the first user U1 presents the original copyright
label L0, the original copyright label fingerprint
F0 and first user label Lu1, and requests the data
management center Cd to distribute the original
secret-key Ks0.

(5) When requested to distribute the original secret-key
Ks0, the data management center Cd confirms
validity of the presented original copyright label L0
using the original copyright label fingerprint F0 and
registers the first user label Lu1. At the same time,
the original secret-key Ks0 corresponding to the
original copyright label L0 is encrypted using public-key
Kb1 of the first user U1:

Cks0kb1 = E (Ks0, Kb1)

and the encrypted original secret-key Cks0kb1 is
distributed to the first user U1.

(6) When the encrypted original secret-key
Cks0kb1 is distributed, the first user U1 decrypts
the encrypted original secret-key Cks0kb1 using
private-key Kv1 of the first user U1:

Ks0 = D (Cks0kb1, Kv1),

decrypts the encrypted original copyrighted data
Cm0ks0 using the decrypted original secret-key
Ks0:

M0 = D (Cm0ks0, Ks0),

and utilizes the decrypted original copyrighted data
M0.

(7) In case the original copyrighted data M0 is to be
stored or copied, the original copyright label L0 and
the original copyright label fingerprint F0, and the
first user label Lu1 are presented again, and the
distribution of the first secret-key Ks1 is requested
to the data management center Cd.

(8) When requested to distribute the first secret-key
Ks1, the data management center Cd confirms
validity of the presented first user label Lu1 using
the original copyright label fingerprint F0, and
encrypts the first secret-key Ks1 corresponding to
the registered first user label Lu1 using public-key
Kb1 of the first user U1:



and distributes the encrypted first secret-key
Cks1kb1 to the first user U1.

(9) When the encrypted first secret-key Cks1kb1 is
distributed, the first user U1 decrypts the encrypted
first secret-key Cks1kb1 using private-key Kv1 of
the first user U1:

Ks1 = D (Cks1kb1, Kv1)

and encrypts the original copyrighted data M0
using the decrypted first secret-key Ks1:

Cm0ks1 = E (M0, Ks1).

Then, the encrypted original copyrighted data
Cm0ks1 is stored or copied. In case the original
copyrighted data M0 is to be transferred to the second
user U2, it is encrypted using the decrypted
first secret-key Ks1, and the encrypted original
copyrighted data Cm0ks1 is transferred together with
the original copyright label L0, the original copyright
label fingerprint F0, and the first user label Lu1.

(10) When the encrypted original copyrighted data
Cm0ks1, the original copyright label L0, the original
copyright label fingerprint F0 and the first user label
Lu1 are transferred, the second user U2 presents
the original copyright label L0, the original copyright
label fingerprint F0, the first user label Lu1, and the
second user label Lu2, and requests the data management
center Cd to distribute the first secret-key
Ks1.

(11) When requested to distribute the first secret-key
Ks1, the data management center Cd confirms
validity of the original copyright label L0 and the first
user label Lu1 using the original copyright label
fingerprint F0.

When it is confirmed that the first user label
Lu1 is valid, the data management center Cd registers
the second user label Lu2, encrypts the first
secret-key Ks1 corresponding to the first user label
Lu1 using public-key Kb2 of the second user:

Cks1kb2 = E (Ks1, Kb2)

and distributes the encrypted first secret-key Cks1kb2
to the second user U2.

(12) When the encrypted first secret-key Cks1kb2
is distributed, the second user U2 decrypts the
encrypted first secret-key Cks1kb2 using private-key
Kv2 of the second user U2:

Ks1 = D (Cks1kb2, Kv2),

decrypts the encrypted original copyrighted data
Cm0ks1 using the decrypted first secret-key Ks1:

M0 = D (Cm0ks1, Ks1)

and utilizes the decrypted original copyrighted data
M0.

(13) In case the original copyrighted data M0 is to
be stored or copied, the original copyright label L0,
the original copyright label fingerprint F0, the first
user label Lu1 and the second user label Lu2 are
presented again, and the distribution of second
secret-key Ks2 is requested to the data management
center Cd.

(14) When requested to distribute the second
secret-key Ks2, the data management center Cd
confirms validity of the presented second user label
Lu2 using the original copyright label fingerprint F0,
encrypts the second secret-key Ks2 corresponding
to the registered second user label Lu2 using
public-key Kb2 of the second user U2:

Cks2kb2 = E (Ks2, Kb2)

and distributes the encrypted second secret-key
Cks2kb2 to the second user U2.

(15) When the encrypted second secret-key
Cks2kb2 is distributed, the second user U2 decrypts
the encrypted second secret-key Cks2kb2 using
private-key Kv2 of the second user U2:

Ks2 = D (Cks2kb2, Kv2),

encrypts the original copyrighted data M0 using the
decrypted second secret-key Ks2:

Cm0ks2 = E (M0, Ks2),

and stores or copies it as the encrypted original
copyrighted data Cm0ks2. In case the original
copyrighted data M0 is to be transferred to the third
user U3, it is encrypted using the decrypted second
secret-key Ks2, and is transferred as the encrypted
original copyrighted data Cm0ks2 together with the
original copyright label L0, the original copyright
label fingerprint F0, the first user label Lu1, and the
second user label Lu2 to the third user U3.

(16) When the encrypted original copyrighted data
Cm0ks2 is transferred together with the original
copyright label L0, the original copyright label
fingerprint F0, the first user label Lu1 and the second
user label Lu2, the third user U3 presents the original
copyright label L0, the original copyright label
fingerprint F0, the first user label Lu1, the second
user label Lu2 and the third user label Lu3 and
requests the data management center Cd to distribute
the second secret-key Ks2.

(17) When requested to distribute the second
secret-key Ks2, the data management center Cd
confirms whether the original copyright label L0, the
first user label Lu1 and the second user label Lu2
are valid or not using the original copyright label
fingerprint F0.

When it is confirmed that the second user label
Lu2 is valid, the data management center Cd registers
the third user label Lu3, encrypts the second
secret-key Ks2 corresponding to the second user
label Lu2 using public-key Kb3 of the third user U3:

Cks2kb3 = E (Ks2, Kb3)

and distributes the encrypted second secret-key
Cks2kb3 to the third user U3.

(18) When the encrypted second secret-key
Cks2kb3 is distributed, the third user U3 decrypts
the encrypted second secret-key Cks2kb3 using
private-key Kv3 of the third user U3:

Ks2 = D (Cks2kb3, Kv3),

decrypts the encrypted original copyrighted data
Cm0ks2 using the decrypted second secret-key
Ks2:

M0 = D (Cm0ks2, Ks2)

and utilizes the decrypted original copyrighted data
M0.

(19) In case the original copyrighted data M0 is
stored and copied, the original copyright label L0,
the original copyright label fingerprint F0, the first
user label Lu1, the second user label Lu2 and the
third user label Lu3 are presented again, and the
distribution of the third secret-key Ks3 is requested
to the data management center Cd.

(20) When requested to distribute the third secret-key
Ks3, the data management center Cd confirms
validity of the presented third user label Lu3 using
the original copyright label fingerprint F0. The third
secret-key Ks3 corresponding to the registered
third user label Lu3 is encrypted using public-key
Kb3 of the third user U3:

Cks3kb3 = E (Ks3, Kb3)

and the encrypted third secret-key Cks3kb3 is
distributed to the third user U3.
Ko-k-rruc-auKo i^^x 5 To produce new data from single original data,

l^^KsdKD3, Kv3). there are a case in which edited data {AT is obtained by 

ypiea inira secret key ks3. a user; a case in which edited data {A } is obtained by 

Cmokss P fKAn i^e^A ^'"^^'"^ ^^^^ ^ ^"S'nal data elements 

CmOksa = E (MO. Ks3). A1. A2. A3 and changing the arrangement of the 

and stores and copies it as the encrypted original STata X'xr;':^^)^'^^'^)? ^ 

SSSaMoTS^rS^o^r^^ obtained by cS^ding t.;e;n1n:,?ata\t: or^^ 

yngmed data MO is transferred to the fourth user is elements A1 . A2. A3 also dividing the data X of 

U4.rt.senayptedus,ng the decrypted thid secret- the user into X1. X2. X3. . and arranging theleele 

key Ks3 and IS transferred to the fourth user U4 as ments ana arranging these ele- 

ISeS'wJS'th^ n"^' T'"^'^'^ f*^ ^"^^ 'nthesecases.alteralionofcriginaldata.changeof 
nS! . u?"^' '^'^'9^* ^' °"3ina\ data arrangement, combination of the tiaina 

l2lt.rEJf^ M ™' datawithuserdata^nddi^isionoftheoriSna^^^^^^^ 

2J I^i U3 ^"^ combination of it with the user data arise Respectively a 

secondary exploitation right as a secondary copyright, 
TK«„ ♦! which is necessary to be protected. The orioinal codv- 

^^«h." " '^^'^ °^ °f coulee, exists in the date X a*l2^y 

In the above-mentioned embodiment, only the keys 2S the user is. nmeaaTaAaaaeaoy 

mfS'T^^rTr^^.^ff^'^^::' °' ^° by combining a plurality of 

" Sontsi^^ffii Accordingly, the original data, there are a case in which 4ed data {A° 

a^ utiL^ ^ ""l" ^^"'"^t^y C : a case in which edited data {A1 /bi + C1 + .. 

selected and utilized, i.e. a system where the keys for + A2 + B2 + C2 + + A3 + B3 * r\ ... i .eX^Ji^^ 

Keys Tor aecryption as in the first embodiment, and a data elements A1 A2 A^^ ri ro 

tSr;^hi?;;X3r^^^^T"^^ C1.C2.C^.*^..t'co'^fnt;gthem'a;^'ch^ng-^^^ 
emSSmert ^ '^"^ arrangements; and a case in which edited data {A? + B1 

+ CI + XI + + A2 + B2 + C2 + X2 + + A3 + B3 

(3rd Embodiment] ! ?^ i!' ^ obtained by dividing the original 

data A, B. c into original data elements A1 , A2. 

men?rerfr""'i-^'^^"'^°"^*'^''^«-'-^^ ^ ^^^Si^^l^S^^ X^' 

arS^ r^rJ^MoT ^''^^^ <^anging ther arrangements. ' 

a™i transfers it to the next user, refemng to Fig. 9 and Also in these cases, combination of a plurality of 

Th/a ^ original data, combination of a plurality of orioinal data 

fnrn^l 1^ T'"^ °^ Copyrighted data is per- 45 with user data, division of a plurality of o riginSa and 

^^Sc^^^S. "Sins an change of the arrangements and S ation of 

t1? crvrrawL'S^^^^^^^ ^"'^ ^"'"^ P'"'^"^ ^^^^ ^rt*^ ^^e user data arise 

eSrSsS b7SI?. ^ thf ? !? T"^ respectively a secondary exploitation right as a second- 

SSTo I V^® "^'"^^ copyrighted ary copyright, which is necessary to be protected Also 

^^e^s d^ ^e^^-^r^^^^^ ^^'^"^ ^ ^^P^'^^^ ^ user.'ci course S£ in tS 
process data. Specifically, in case the edrt tool is availa- dataX1.X2.X3 added by the user 

date b'S: ^eSr ^9- ^ shows an example L prSSang new date D 

2«ng procerdaS ' ""^ "^"^ " P'"^^"^ °^ ^^^^^ A. B and C. This 

^^ss^'^^^- - --a;iirs:t:d^ySrargts% 

edited date can be reproduced as the original data, edit form a piece of date D. 

Further, there is a data linkage technique which
links a plurality of data objects. In this data linkage
technique, object linkage part is arranged in "slot" of data
object referred to as "pad". The "pad" is linked with other
"pad" by the "slot", the operation of which is called "slot
connection" so that the objects are linked with each
other. Inter-relationship of a plurality of objects linked in
this way is represented by a tree structure, and thus
represented tree structure can be used for deletion or
addition of the object.

While it is clear that original data and user data are
data, the editing process: alteration of original data,
arrangement change of original data, combination of
original data with user data, division of original data and
combination with user data, combination of a plurality of
original data each other, combination of a plurality of
original data with user data, division and arrangement
change of a plurality of original data, and combination of
divided plurality of original data with user data, are also

When noticing that editing scenario of data, such as
arrangement of original data and process of editing, is
also data, the secondary copyright on edited data can
be protected by managing the user's copyright about
data of editing process in addition to the original
copyright of the author on the original data and the user's
copyright on the user's data.

That is, if the edited data is regarded as being
constituted of original data, user data and editing
scenario, it is possible to ensure management of the
copyrights of edited data as well as of original data by
managing these original data, user data and editing
scenario. In this case, the editing program used for editing
data may be managed by the data management system
of data copyrights, if necessary.

While the above data editing of original data can be
performed by using an editing program corresponding
to the original data, by handling the original data as
object-oriented software which has recently been
focused on, it is possible to facilitate further editing of
data and manage more preferably copyrights of data.
Moreover, by adopting agent-oriented software, a user
can synthesize data with little labor.

The agent-oriented software, unlike the conventional
one, is a program having autonomy, flexibility and
cooperativeness, which is able to meet a user's request
with its characteristics of autonomy, flexibility and
cooperativeness in accordance with only a general
instruction of the user without specifically giving every
operation instruction to the software.

By incorporating the agent program into a basic
system of a data copyright management system so that
the database utilization of a user is watched, and by
arranging that information including data utilization
condition and charging is collected at the database or the
copyright management center using a metering function
placed in the user terminal, it is possible to know
the database utilization condition of the user at the
database side or the copyright management center side and
achieve more accurate copyright management. The
agent program and its data also need to be
protected in copyrights, and therefore are encrypted
like original data.

In this third embodiment shown in Fig. 10, the
copyright label of the first and the second embodiments
already described, with the editing scenario added, is
called "edit label", and this is treated in the same manner
as the copyright label in the first embodiment. The
handling of keys, relationship between the original
author, the information provider, and the user, as well as
the handling of labels are the same as in the first
embodiment, and detailed description is not given here.

(1) The original author A presents the original
copyright label L0 and requests the data management
center Cd to distribute original secret-key Ks0.

(2) When requested to distribute the original secret-key
Ks0, the data management center Cd encrypts
the original secret-key Ks0 corresponding to the
original copyright label L0 using public-key Kba of
the original author A:

Cks0kba = E (Ks0, Kba)

and distributes the encrypted original secret-key
Cks0kba together with the original copyright label
L0 to the original author A.

In this case, the data management center Cd
performs one-way hash on the original copyright
label L0 using an algorithm such as MD5, for example
to a 16-byte data amount, prepares an original
copyright label fingerprint F0, and distributes it to the
original author A. This electronic fingerprint is
prepared on each of the original copyrighted data and
edited copyrighted data each time the original
copyrighted data is edited and edited copyrighted data
is obtained, and is transferred together with the
copyrighted data.

(3) When the encrypted original secret-key
Cks0kba is distributed, the original author A
decrypts the encrypted original secret-key Cks0kba
using private-key Kva of the original author A:

Ks0 = D (Cks0kba, Kva),

encrypts the original copyrighted data M0 using the
decrypted original secret-key Ks0:

Cm0ks0 = E (M0, Ks0)

and transfers the encrypted original copyrighted
data Cm0ks0, the original copyright label L0 and
the original copyright label fingerprint F0 to the first
user U1.

(4) When the encrypted original copyrighted data
Cm0ks0, the original copyright label L0 and the
original copyright label fingerprint F0 are transferred,
the first user U1 presents the original copyright
label L0, the original copyright label fingerprint
F0 and first user label Lu1 and requests the data
management center Cd to distribute the original
secret-key Ks0.

(5) When requested to distribute the original secret-key
Ks0, the data management center Cd confirms
validity of the presented original copyright label L0
using the original copyright label fingerprint F0 and
registers the first user label Lu1. At the same time
the original secret-key Ks0 corresponding to the
original copyright label L0 is encrypted using public-key
Kb1 of the first user U1:

Cks0kb1 = E (Ks0, Kb1)

and the encrypted original secret-key Cks0kb1 is
distributed to the first user U1.

(6) When the encrypted original secret-key
Cks0kb1 is distributed, the first user U1 decrypts
the encrypted original secret-key Cks0kb1 using
private-key Kv1 of the first user U1:

Ks0 = D (Cks0kb1, Kv1),

decrypts the encrypted original copyrighted data
Cm0ks0 using the decrypted original secret-key
Ks0:

M0 = D (Cm0ks0, Ks0),

and edits the decrypted original copyrighted data
M0 using the edit tool and obtains edited
copyrighted data Me1.

The edited copyrighted data Me1 thus obtained
contains copyright of the first user, who edited the
data, and also copyright of the original author who
prepared the original copyrighted data. The copyright
of the original author relating to the original
copyrighted data M0 can be protected by the original
copyright label L0 which has been registered,
original copyright label fingerprint F0 and the original
secret-key Ks0 corresponding to the original
copyright label L0 and also by the first user label
Lu1 and the first secret-key Ks1 corresponding to
the first user label Lu1. However, because no key
for encrypting the edited copyrighted data Me1 is
available, the secondary copyright of the first user
relating to the edited copyrighted data Me1 is not
yet protected.

(7) To protect the secondary copyright of the first
user relating to the edited copyrighted data Me1,
label of the first user, who is the author of the edited
copyrighted data, and its electronic fingerprinting
are used in the third embodiment.

As already described, the edited copyrighted
data can be expressed by data of the utilized original
copyrighted data, information of the used edit
tool and the editing scenario (editing process data).
Accordingly, this information and data are
entered in the first user label, i.e. the first edit label
Le1. Further, to protect secondary exploitation right
as the secondary copyright in subsequent distribution
process, the user U1 presents the first edit
label Le1 to the data management center Cd so
that the secondary copyright of the user U1 is
registered.

(8) When the first edit label Le1 is presented, the
data management center Cd confirms validity of the
presented original copyright label LO using the original
copyright label fingerprint FO and registers the
first edit label Le1. At the same time, the electronic
fingerprint Fe1 of the first edit label Le1 is prepared,
and first edit secret-key Kse1 corresponding to the
first edit label Le1 is encrypted by public-key Kb1 of
the first user U1 at the data management center:

Ckse1kb1 = E (Kse1, Kb1),

and the encrypted first edit secret-key Ckse1kb1 is
distributed to the first user U1 together with the
electronic fingerprint Fe1 of the first edit label Le1.

(9) When the encrypted first edit secret-key
Ckse1kb1 and the electronic fingerprint Fe1 of the
first edit label Le1 are distributed, the first user U1
decrypts the encrypted first edit secret-key
Ckse1kb1 using private-key Kv1 of the first user U1:

Kse1 = D (Ckse1kb1, Kv1),

encrypts the first edited copyrighted data Me1
using the decrypted first edit secret-key Kse1:

Cme1kse1 = E (Me1, Kse1)

and transfers the encrypted first edited copyrighted
data Cme1kse1 to the second user U2 together
with the first edit label Le1, and the electronic
fingerprint Fe1 of the first edit label Le1.

Then, the same operation is repeated. 

In the third embodiment, only the first edit label Le1
and the electronic fingerprint Fe1 of the first edit label
Le1 are transferred together with the encrypted first
edited copyrighted data Cme1kse1 when edited data is
transferred, while it is possible to arrange in such manner
that the other labels and electronic fingerprints can be
simultaneously transferred.

In the editing by utilizing a plurality of copyrighted
data as shown in Fig. 9, operation is complicated
because there is a large number of copyrighted data
and it can be carried out as in the editing process using
a single data. Description is not given here to avoid
lengthy explanation.

In the systems of the first, the second and the third
embodiments described above, the copyrighted data is
encrypted using secret-key and the secret-key for its
decryption and secret-key for re-encryption used for
storage, copying and transfer are distributed by the data
management center based on the user label presented
by the user.

The secret-key for decryption and the secret-key for
re-encryption are encrypted by the user public-key,
whose validity has been certified by the data management
center in advance. Thus, these secret-keys are
indirectly certified by the data management center.
Because these secret-keys are used to encrypt the copyrighted
data to be transferred, the copyrighted data to
be transferred consequently is also certified by the data
management center. Because certification by the data
management center is of absolute nature, it is a hierarchical
type certification system represented by PEM.

On the other hand, the copyrighted data itself is
transferred between the users without being transferred
to the data management center, and that might well be
said that the certification carried out in this process is a
horizontal distributed type certification system represented
by PGP.

As described above, it is possible by the system of
the embodiments to attain a certification system, which
has high reliability of the hierarchical type certification
system and easiness to handle of the horizontal distributed
type certification system.

The behavior and content of behavior of the users
who utilize the copyrighted data are all identified at the
data management center by the user labels presented
by the users. The utilization including editing of the copyrighted
data is carried out via the data management
center. Thus, the identity of the user can be reliably confirmed.
By confirming the contents and course of behavior,
contents and history of the copyrighted data can be
certified. When this certification of the contents is applied to
the electronic commerce, it is possible to certify the contents
of dealings by the data management center, i.e. to
perform "electronic notarization".

When digital signature is put on user label or on edit
label, and if computer virus enters the user label or the
edit label, the data of the label changes. As a result,
hash value changes. Therefore, by verifying the digital
signature, it is possible to detect intrusion of computer
virus. Even when digital signature is not given, if turning
to hash value is performed, the user label or the edit
label is made unavailable by the changed hash value,
and intrusion of computer virus can be detected.



[4th Embodiment]



In case of distributed object system represented by 
license network system, the use of network computer to 
perform only input/output of data and data processing 
and not provided with data storage unit is adopted 
instead of conventional type computer, which possesses
data storage unit of large capacity. Further, the
use of a network computer similar to a terminal unit of 
large size computer, having only input/output function of 
data and not provided with data processing unit is also 
considered. This network computer does not have data 
storage unit and cannot store or copy the copyrighted 
data. 

Next, description will be given on an embodiment, 
which can also be applied to a network computer not 
provided with data storage unit and used in the distrib- 
uted object system. It is needless to say that this 
embodiment is also applicable to an ordinary computer 
provided with data storage unit. 

To protect data copyright, it is necessary to use 
some sort of encryption technique to restrict unauthor- 
ized utilization of the copyrighted data. In the first, the 
second, and the third embodiments described above, to 
protect copyright in a system for an ordinary computer 
having data storage unit, encrypted copyrighted data
and labels not encrypted as clues to utilize the copy- 
righted data are used. 

In contrast, in a system for a network computer,
which has only the function of the above-mentioned terminal
unit, the copyrighted data is not stored, copied or
transferred, and there is no need to encrypt the copyrighted
data.

As already explained in the third embodiment, the 
editing of copyrighted data is performed by modifying
the original copyrighted data using the edit tool, and the 
edited copyrighted data thus obtained can be 
expressed by the utilized original copyrighted data, 
information of the used edit tool and the editing sce- 
nario. 

This is the same in the distributed object system. In
case edited copyrighted data is produced by utilizing the 
copyrighted data in the database existing on the distrib- 
uted object system, the edited copyrighted data can be 
reproduced by specifying the utilized database, the 
used original copyrighted data, information of the used
edit tool and the editing scenario. The same applies to 
the case where a plurality of copyrighted data obtained 
from a single database or a plurality of databases are 
utilized. 

Description will be given now on the fourth embodi- 
ment referring to Fig. 11. 

In this embodiment, the original copyright owner
and the information provider (IP) holding the copyrighted
data are discriminated from the user who does
not hold copyrighted data, and are arranged on the network
side with the data management center and the
like. In the system of this embodiment, public-key and
private-key are used. If original copyrighted data is
transferred to a user, the original copyrighted data is
encrypted by using a secret-key or a public-key of transferred
destination for the purpose of security.

The first user U1 searches the copyrighted data
and collects necessary copyrighted data utilizing the
network, broadcasting or recording medium. The collected
copyrighted data is simply stored temporarily on
memory of the user U1. Even when data storage unit
such as a hard disk drive is included in the device of the
user U1, the copyrighted data is not stored in the data
storage unit.

In order that the copyrighted data is not stored
when there is an attempt to store it, inhibition of storage
of the copyrighted data is performed by destroying the
copyrighted data on memory, changing data header on
memory, turning the data to one-way hash value,
changing file name to non-storable file name, etc.

While it is possible to inhibit the storage by data
storage inhibition program, which is incorporated in the
program of the copyrighted data having object structure,
higher reliability is accomplished if the storage inhibition
is performed by an operating system, which is related to
the entire system or to the user's device.

Description will be given on a case where a plurality
of copyrighted data are utilized in the fourth embodiment.

(1)(2) The first user U1 presents the first user label
Lu1 to the data management center, collects the
original copyrighted data MOi (i = 1, 2, 3, ...)
from data library of the information provider IP in
the system and obtains an edit tool Pe. In this case,
the original copyrighted data MOi and the edit tool
Pe are encrypted using public-key Kb1 of the first
user U1:

CmOikb1 = E (MOi, Kb1)
Cpekb1 = E (Pe, Kb1)

and the encrypted original copyrighted data
CmOikb1 and the encrypted edit tool Cpekb1 are
distributed to the first user U1.

In this case, the first user label Lu1 is referred,
and utilizing conditions of the original copyrighted
data MOi and the edit tool Pe are recorded at the
data management center and are utilized for charging
of a fee.

(3) When the encrypted original copyrighted data
CmOikb1 and the encrypted edit tool Cpekb1 are
distributed, the first user U1 decrypts the distributed
encrypted original copyrighted data CmOikb1 and
the encrypted edit tool Cpekb1 using private-key
Kv1 of the first user U1:

MOi = D (CmOikb1, Kv1)
Pe = D (Cpekb1, Kv1).

Using the decrypted edit tool Pe, the decrypted
original copyrighted data MOi is edited, and a first
edited copyrighted data M1i (i = 1, 2, 3, ...)
is obtained.

(4) Obtaining the first edited copyrighted data M1i,
the first user U1 encrypts a first scenario S1i, which
is the editing process data for the first edited copyrighted
data M1i, using public-key Kbc of the data
management center:

Cs1ikbc = E (S1i, Kbc)

and presents the encrypted first scenario Cs1ikbc
together with the first user label Lu1 to the data
management center, so that secondary copyright of
the user U1 is registered.

(5) When the encrypted first scenario Cs1ikbc is
presented, the data management center Cd
decrypts the encrypted first scenario Cs1ikbc using
private-key Kvc of the data management center:

S1i = D (Cs1ikbc, Kvc),

prepares a first edit label Le1 based on the presented
user label of the first user U1 and the
decrypted first scenario S1i, stores it in the data
management center Cd, encrypts the first edit label
Le1 using public-key Kb1 of the first user U1:

Cle1kb1 = E (Le1, Kb1),

and transfers the encrypted first edit label Cle1kb1
to the first user U1.

(6) When the encrypted first edit label Cle1kb1 is
transferred, the first user U1 decrypts the encrypted
first edit label Cle1kb1 using private-key Kv1 of the
first user U1:

Le1 = D (Cle1kb1, Kv1),

encrypts the decrypted first edit label Le1 using
public-key Kb2 of the second user U2:

Cle1kb2 = E (Le1, Kb2)

and transfers the encrypted first edit label Cle1kb2
to the second user U2, but the first edited copyrighted
data M1i or the encrypted first edited copyrighted
data is not transferred to the second user
U2.

When the computer of the first user U1 is provided
with a data storage unit, there is possibility
that the collected copyrighted data or the edited
copyrighted data may be stored in the storage unit,
however, storage inhibition as described above is
carried out to exclude storage, copying and transfer.

In this case, it is possible, instead of the
encrypted first edit label Cle1kb2, to use electronic
fingerprint F1, which is obtained by turning the first
edit label to one-way hash value. In so doing, it is
possible to perform simplified transfer of the edit
label by telephone voice.

(7) When the encrypted first edit label Cle1kb2 is
transferred, the second user U2 decrypts the transferred
encrypted first edit label Cle1kb2 using the
private-key Kv2 of the second user U2:

Le1 = D (Cle1kb2, Kv2),

encrypts the first edit label Le1 using the private-key
Kv2 of the second user U2:

Cle1kv2 = E (Le1, Kv2)

and presents the encrypted first edit label Cle1kv2
together with the second user label Lu2 to the data
management center Cd.

(8) When the encrypted first edit label Cle1kv2 and
the second user label Lu2 are presented, the data
management center Cd decrypts the presented
encrypted first edit label Cle1kv2 using public-key
Kb2 of the second user U2:

Le1 = D (Cle1kv2, Kb2),

collects the original copyrighted data MOi shown on
the decrypted first edit label Le1, edits the original
copyrighted data MOi using the edit tool Pe based
on the first scenario S1i described on the first edit
label Le1, and reproduces the first edited copyrighted
data M1i.

When the first edited copyrighted data M1i is
reproduced, the data management center Cd
encrypts the first edited copyrighted data M1i and
the edit tool Pe using the public-key Kb2 of the second
user U2:

Cm1ikb2 = E (M1i, Kb2)

Cpekb2 = E (Pe, Kb2)

and transfers the encrypted first edited copyrighted data
Cm1ikb2 and the encrypted edit tool Cpekb2 to the second
user U2.
(9) When the encrypted first edited copyrighted
data Cm1ikb2 and the encrypted edit tool Cpekb2
are distributed, the second user U2 decrypts the
distributed encrypted first edited copyrighted data
Cm1ikb2 and the encrypted edit tool Cpekb2 using
private-key Kv2 of the second user U2:

M1i = D (Cm1ikb2, Kv2)

Pe = D (Cpekb2, Kv2)

and edits the decrypted first edited copyrighted
data M1i using the decrypted edit tool Pe, and the
second edited copyrighted data M2i (i = 1, 2, 3, ...)
is obtained.

(10) When the second edited copyrighted data M2i
is obtained, the second user U2 encrypts the second
scenario S2i, which is editing process data of
the second edited copyrighted data M2i, using the
public-key Kbc of the data management center:

Cs2ikbc = E (S2i, Kbc)

and presents the encrypted second scenario
Cs2ikbc together with the second user label Lu2 to
the data management center Cd.

(11) When the encrypted second scenario Cs2ikbc
is presented, the data management center Cd
decrypts the encrypted second scenario Cs2ikbc
using the private-key Kvc of the data management
center Cd:

S2i = D (Cs2ikbc, Kvc),

prepares a second edit label Le2 based on the presented
user label of the second user U2 and the
decrypted second scenario S2i, stores it in the data
management center Cd, encrypts the second edit
label Le2 using public-key Kb2 of the second user
U2:

Cle2kb2 = E (Le2, Kb2)

and transfers the encrypted second edit label
Cle2kb2 to the second user U2.

(12) When the encrypted second edit label Cle2kb2
is transferred, the second user U2 decrypts the
encrypted second edit label Cle2kb2 using private-key
Kv2 of the second user U2:

Le2 = D (Cle2kb2, Kv2),

encrypts the decrypted second edit label Le2 using
public-key Kb3 of the third user U3:

Cle2kb3 = E (Le2, Kb3)

and transfers the encrypted second edit label
Cle2kb3 to the third user U3. Then, the same operation
is repeated.



In the fourth embodiment using this distributed
object system, the copyrighted data is not stored by the
user, but it is stored only in the database. On the other
hand, the user controls and stores only the edit label,
i.e., the information relating to user and editing, which
has information of the utilized original copyrighted data
and the used edit tool, the editing scenario and the information
of the user who has edited. Only this edit label is
encrypted and transferred between the users. Therefore,
the copyrighted data is not stored, copied or transferred.

Also, in the system of this embodiment, only the
public-key and the private-key are used, and validity of
this public-key is certified by the data management
center in advance, and certification by the data management
center is of absolute nature. Accordingly, it is a
hierarchical type certification system represented by

The edit label to be transferred is encrypted by the
user's public-key, the validity of which has been certified
in advance by the data management center, and it is
transferred. Thus, its contents are reliable as it is indirectly
certified by the data management center. The edit
label itself is transferred between the users without
being transferred to the data management center, and it
might well be said that it is horizontal distributed type
certification system represented by PGP.

As described above, it is possible according to the
system of this embodiment to attain a certification system,
which has high reliability of the hierarchical type
certification system and easiness to handle of the horizontal
distributed type certification system.

Behavior and contents of behavior of the users utilizing
the copyrighted data are all identified by the user
label presented by the users at the data management
center. The utilization including editing of the copyrighted
data is carried out through the data management
center. Accordingly, the identity of each user can
be reliably confirmed, and by confirming the contents
and the course of behavior, contents and history of the
copyrighted data can be certified. When this certification
of contents is applied to electronic commerce, it is
possible to certify the contents of dealing by the data
management center, i.e. to perform "electronic notarization".

Further, in case digital signature is put on the user
label or on the edit label, and if computer virus enters
the user label or the edit label, the data of the label is
changed, and as a result change occurs in the hash
value. Therefore, by verifying digital signature, it is possible
to detect intrusion of computer virus. Even when
digital signature is not given, if turning to hash value is
performed, the user label or the edit label are made
unavailable depending upon the changed hash value.
Thus, it is possible to detect intrusion of computer virus.

Because behavior and contents of behavior of the
users utilizing the copyrighted data are all identified by
the user label presented by the users at the data management
center, every charging system on the above
functions effectively.
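The registration and reproduction steps (4), (5) and (8) of the fourth embodiment, together with the hash check on labels described above, can be sketched as follows. This is an added illustration, not code from the patent: the SHA-256 fingerprint over sorted-key JSON, the three edit operations standing in for the edit tool Pe, the sample data and all class and function names are assumptions, and the public-key encryption of labels in transit is left out.

```python
import hashlib
import json


def fingerprint(label):
    """Electronic fingerprint: one-way hash of the label.
    Assumption: SHA-256 over a canonical (sorted-key) JSON encoding."""
    canonical = json.dumps(label, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def apply_scenario(originals, scenario):
    """Hypothetical edit tool Pe: replays an editing scenario on originals."""
    out = ""
    for step in scenario:
        if step["op"] == "take":        # copy a slice of one original datum
            out += originals[step["source"]][step["start"]:step["end"]]
        elif step["op"] == "insert":    # add new text written by the editor
            out += step["text"]
        elif step["op"] == "upper":     # transform everything produced so far
            out = out.upper()
        else:
            raise ValueError("unknown edit operation: %r" % step["op"])
    return out


class DataManagementCenter:
    def __init__(self, database):
        self.database = dict(database)  # original data MOi, held only here
        self.edit_labels = {}           # fingerprint -> registered edit label
        self.usage = []                 # (user label, fingerprint) for charging

    def register_edit(self, user_label, scenario):
        """Steps (4)-(5): build the edit label from user label and scenario."""
        sources = sorted({s["source"] for s in scenario if s["op"] == "take"})
        unknown = [s for s in sources if s not in self.database]
        if unknown:
            raise KeyError("scenario refers to unknown originals: %s" % unknown)
        label = {"editor": user_label, "sources": sources,
                 "tool": "Pe", "scenario": scenario}
        fp = fingerprint(label)
        self.edit_labels[fp] = label
        return label, fp

    def reproduce(self, presented_label, user_label):
        """Step (8): accept the label only if its hash matches a registered one."""
        fp = fingerprint(presented_label)
        if fp not in self.edit_labels:
            raise PermissionError("edit label is unregistered or was altered")
        return self.reproduce_by_fingerprint(fp, user_label)

    def reproduce_by_fingerprint(self, fp, user_label):
        """Variant where only the fingerprint is handed from user to user."""
        label = self.edit_labels.get(fp)
        if label is None:
            raise PermissionError("no edit label registered for this fingerprint")
        originals = {s: self.database[s] for s in label["sources"]}
        self.usage.append((user_label, fp))
        return apply_scenario(originals, label["scenario"])


if __name__ == "__main__":
    # Constructed sample data, not taken from the patent.
    center = DataManagementCenter({"MO1": "The quick brown fox",
                                   "MO2": "jumps over the lazy dog"})
    scenario = [{"op": "take", "source": "MO1", "start": 4, "end": 9},
                {"op": "insert", "text": " "},
                {"op": "take", "source": "MO2", "start": 0, "end": 5},
                {"op": "upper"}]
    label, fp = center.register_edit("Lu1", scenario)
    print(center.reproduce(label, "Lu2"))      # second user presents the label
    tampered = json.loads(json.dumps(label))
    tampered["scenario"][0]["end"] = 19        # label altered in transit
    try:
        center.reproduce(tampered, "Lu2")
    except PermissionError as exc:
        print("rejected:", exc)
```

Because the center rebuilds the edited data from its own stored originals, an altered label is refused before any data is released, and each accepted request leaves a usage record that a charging system can bill against.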

[5th Embodiment] 

An embodiment in which a system of the present
invention is applied to the electronic commerce will be
given. A basic case is first explained in which all of
the processings are performed through mediator as a
data management center, referring to Fig. 12A.

(1) User U looks at a products catalogue of the mediator
S via network, and requests from the mediator S
electronic commerce data Qm as dealing data
including quotation for desired products and information
of order form and payment terms.

(2) When requested the electronic commerce data
Qm, the mediator S encrypts a request R of the
electronic commerce data Qm and first secret-key
Ks1 by using public-key Kbm of maker M:

Crkbm = E (R, Kbm)

Cks1kbm = E (Ks1, Kbm)

and transfers encrypted request Crkbm and
encrypted first secret-key Cks1kbm to the maker M.

(3) When received the encrypted request Crkbm
and encrypted first secret-key Cks1kbm, the maker
M decrypts the transferred encrypted request
Crkbm and encrypted first secret-key Cks1kbm by
private-key Kvm of the maker M:

R = D (Crkbm, Kvm)

Ks1 = D (Cks1kbm, Kvm)

encrypts electronic commerce data Qm corresponding
to the request R by using decrypted first
secret-key Ks1:

Cqmks1 = E (Qm, Ks1)

and transfers encrypted electronic commerce data
Cqmks1 to the mediator S.

(4) When received the encrypted electronic commerce
data Cqmks1, the mediator S decrypts
transferred encrypted electronic commerce data
Cqmks1 by using the first secret-key Ks1:

Qm = D (Cqmks1, Ks1),

encrypts again the decrypted electronic commerce
data Qm by using second secret-key Ks2:

Cqmks2 = E (Qm, Ks2),

encrypts second secret-key Ks2 by using public-key
Kbu of the user:

Cks2kbu = E (Ks2, Kbu)

and transfers encrypted electronic commerce data
Cqmks2 and encrypted second secret-key
Cks2kbu to the user U.

(5) When received encrypted electronic commerce
data Cqmks2 and encrypted second secret-key
Cks2kbu, the user U decrypts encrypted second
secret-key Cks2kbu by using private-key Kvu of
user U:

Ks2 = D (Cks2kbu, Kvu),

decrypts encrypted electronic commerce data
Cqmks2 by using decrypted second secret-key
Ks2:

Qm = D (Cqmks2, Ks2),

edits electronic commerce data Qm by entering
order contents into electronic commerce data,
makes order sheet Qu, encrypts the order sheet
Qu, thus filled in, by using the second secret-key
Ks2:

Cquks2 = E (Qu, Ks2)

and transfers encrypted order sheet Cquks2 to
mediator S.
(6) When received encrypted order sheet Cquks2,
mediator S decrypts the encrypted order sheet
Cquks2 by using the second secret-key Ks2:

Qu = D (Cquks2, Ks2),

encrypts decrypted order sheet Qu by using public-key
Kbm of the maker M:

Cqukbm = E (Qu, Kbm)

and transfers encrypted order sheet Cqukbm to the
maker M.

When received encrypted order sheet Cqukbm,
the maker M decrypts encrypted order sheet
Cqukbm by using private-key Kvm of maker M:

Qu = D (Cqukbm, Kvm)

and the order is accepted and handled according to
order contents of the decrypted order sheet Qu.

Next, an example of exceptional case when a 
user orders directly to a maker will be explained, 
referring to Fig. 12B. 

In the exceptional case, steps before above-mentioned
(4), in which encrypted electronic commerce
data Cqmks2 and encrypted second secret-key
Cks2kbu are transferred to user U, are same
steps as basic case as shown in Fig. 12A. And
therefore, same detailed description is not given
here, and description of steps different from basic
case is given.

(7) When received encrypted electronic commerce
data Cqmks2 and encrypted second secret-key
Cks2kbu, the user U decrypts encrypted second
secret-key Cks2kbu by using private-key Kvu of the
user U:

Ks2 = D (Cks2kbu, Kvu),

decrypts encrypted electronic commerce data
Cqmks2 by using decrypted second secret-key
Ks2:

Qm = D (Cqmks2, Ks2),

enters order contents into decrypted electronic
commerce data Qm, i.e., performing data editing,
makes order sheet Qu, encrypts the order sheet
Qu, thus filled in, by using the second secret-key
Ks2:

Cquks2 = E (Qu, Ks2)

and transfers encrypted order sheet Cquks2 to the
maker M.

(8) When received encrypted order sheet Cquks2,
the maker M transfers the encrypted order sheet
Cquks2 to the mediator S.

(9) When received encrypted order sheet Cquks2,
the mediator S decrypts the encrypted order sheet
Cquks2 by using second secret-key Ks2:

Qu = D (Cquks2, Ks2),

encrypts decrypted order sheet Qu by using public-key
Kbm of maker M:

Cqukbm = E (Qu, Kbm)

and transfers it to the maker M.

(10) When received encrypted order sheet
Cqukbm, the maker M decrypts the encrypted order
sheet Cqukbm by using private-key Kvm of maker
M:

Qu = D (Cqukbm, Kvm)

and handles the order according to contents of the
order sheet Qu.

In this electronic commerce system, computer software
handled via network other than commercial products,
can be also applied in dealings.

In this case, software P is encrypted by maker M by
using private-key Kvm of the maker M:

Cpkvm = E (P, Kvm),

encrypted software Cpkvm is transferred to mediator S,
encrypted software Cpkvm, thus transferred, is
decrypted by the mediator S by using public-key Kbm of
maker M:

P = D (Cpkvm, Kbm),

decrypted software P is encrypted by the mediator S by
using public-key Kbu of user U:

Cpkbu = E (P, Kbu),

encrypted software Cpkbu is transferred to the user U,
and the transferred encrypted software Cpkbu is
decrypted by the user U by using private-key Kvu of
user U:

P = D (Cpkbu, Kvu).

Crypt keys for encrypted software which is stored in
recording medium such as CD-ROM are distributed on
pay basis, and the crypt keys can be further applied in
dealings in the electronic commerce system, in a
manner similar to that for computer software described
above.

In the basic case as described referring to Fig. 12A,
since all of the dealing processings are performed
through the mediator, various troubles caused in omitting
the mediator among dealing processes can be
prevented in advance. In exceptional case as described
referring to Fig. 12B, further, in order that the maker
receives the content of order sheet and handles the
order, it is necessary that encrypted order sheet is
transferred to the mediator and decrypted by the mediator.
Therefore, the mediator takes part in the dealing
processes without fail in this case also, and thus,
various troubles caused in omitting the mediator among
dealing processes can be prevented in advance. The
secret-key which is transferred, may be transferred
incorporated in electronic commerce data rather than
transferred alone.
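The reason the mediator cannot be bypassed in the exceptional case of Fig. 12B is that the maker only ever holds Ks1, while the order sheet is encrypted under Ks2. The sketch below is an added illustration, not code from the patent: E and D are a toy authenticated cipher built from SHA-256 and HMAC so that it runs with the standard library alone (a stand-in for a real secret-key cryptosystem, not for production use), the public-key wrapping of keys and of the final order sheet is only noted in comments, and all names and message contents are constructed.

```python
import hashlib
import hmac
import os


class AuthError(Exception):
    """Raised when a ciphertext was made under another key or was altered."""


def _subkey(key, purpose):
    return hashlib.sha256(purpose + key).digest()


def _keystream(key, nonce, length):
    blocks, counter = b"", 0
    while len(blocks) < length:
        blocks += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return blocks[:length]


def E(data, key):
    """Toy secret-key encryption: SHA-256 keystream, then an HMAC tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(data))
    body = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def D(blob, key):
    """Inverse of E; refuses ciphertexts that fail the tag check."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise AuthError("wrong key or altered ciphertext")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


class Maker:
    def __init__(self):
        self.ks1 = None       # learned in step (2), sent as E (Ks1, Kbm)
        self.accepted = []    # order sheets Qu received via the mediator

    def quote(self, request, ks1):
        self.ks1 = ks1
        return E(b"quotation for " + request, ks1)        # Cqmks1

    def can_read(self, blob):
        try:
            D(blob, self.ks1)
            return True
        except AuthError:
            return False


class Mediator:
    def __init__(self):
        self.ks1 = os.urandom(32)   # first secret-key Ks1, maker leg
        self.ks2 = os.urandom(32)   # second secret-key Ks2, user leg
        self.seen = []              # every dealing step passes through here

    def fetch_quote(self, maker, request):
        qm = D(maker.quote(request, self.ks1), self.ks1)   # steps (2)-(4)
        self.seen.append(("quotation", qm))
        return E(qm, self.ks2), self.ks2   # Cqmks2; Ks2 would go as E (Ks2, Kbu)

    def relay_order(self, cquks2, maker):
        qu = D(cquks2, self.ks2)           # step (9), or step (6) in Fig. 12A
        self.seen.append(("order", qu))
        maker.accepted.append(qu)          # would go as Cqukbm = E (Qu, Kbm)
        return qu


def user_fill_order(cqmks2, ks2, order):
    """User U: decrypt the quotation, enter the order, re-encrypt with Ks2."""
    return E(D(cqmks2, ks2) + b" | order: " + order, ks2)   # Cquks2


def exceptional_case():
    """Fig. 12B: the user sends Cquks2 straight to the maker."""
    mediator, maker = Mediator(), Maker()
    cqmks2, ks2 = mediator.fetch_quote(maker, b"10 widgets")
    cquks2 = user_fill_order(cqmks2, ks2, b"ship 10")
    readable_by_maker = maker.can_read(cquks2)   # maker holds Ks1, not Ks2
    mediator.relay_order(cquks2, maker)          # step (8): maker must forward
    return readable_by_maker, maker.accepted, mediator.seen


if __name__ == "__main__":
    print(exceptional_case())
```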

In each embodiment described hereinbefore, while
data or label is encrypted/decrypted, the burden of
encryption and decryption is rather high. In case that
the data and label are transferred via network, these are
re-encrypted by secret-key and in addition, are
encrypted by public-key. Therefore, in order to utilize the
transferred data and label, these are necessary to be
decrypted by private-key and in addition, to be
decrypted by secret-key.

In order to reduce the burden of encryption and
decryption, while partly encrypting is described as
shown in Figs. 4A to AG, if the processing ability of the
user device is not high, even when partly encrypting,
performing both processings of encryption/decryption
by secret-key system, which is for copyright management,
and encryption/decryption by public-key system,
which is for data security, is yet difficult.

To cope with the above problems, encryption/decryption,
which is processing other than encryption/decryption
for protecting transferred data or label,
may be performed, for example, by an entity in the network,
and encrypted/decrypted data or label is transferred
to a user. While encryption/decryption for
protecting transferred data or label is performed generally
by public-key cryptosystem, this encryption/decryption
is performed by a device of user.

Above processing of encryption/decryption performed
by an entity in the network may be applied to the
case of reproduction of edited copyrighted data in the
third and fourth embodiments.

In the third embodiment, encrypted copyrighted 
data and non-encrypted edit label including editing sce- 
nario are transferred from one user to next user. The 
non-encrypted edit label and corresponding secret-key 
are stored in data management center. The next user 
transfers transferred encrypted copyrighted data and 
non-encrypted edit label to the data management 
center, and therefore, the copyrighted data is decrypted, 
and thus, edited copyrighted data is reproduced based 
on decrypted copyrighted data and the edit label at the 
data management center. Then, the edited copyrighted 
data is transferred to the next user. 

In the fourth embodiment, encrypted edit label 
including editing scenario is only transferred from a user 
to next user. In contrast, the edit label is stored in the 
data management center. And therefore, the data man- 
agement center, by transferred encrypted edit label to 
the data management center by the next user, collects 
necessary original data based on the edit label and 
reproduces edited copyrighted data, and then, transfers 
the edited copyrighted data to the next user. 

Claims 

1. Method for managing digital data to be transferred
from an owner of data to a user of data via a communication
network, with the steps:

Providing secret-key, public-key, private-key,
data owner label, user label and data label;

Linking a data management center to a public-key
storage and a secret-key generator and
arranging same on said communication network;

Certifying the public-keys of said owner and 
said user, and storing of said data owner label, 
said user label and said data label by the data 
management center; 

Presenting said data owner label and data 
label, and requesting a secret-key for data 
encryption from said data management center 
by said owner; 

Preparing a data label fingerprint from said
data label and transferring secret-key for
encryption which is encrypted by using said
public-key of owner together with said data
label fingerprint to said owner by said data
management center;

Encryption of the data using said secret-key
which is decrypted by using private-key of said
owner, and transfer of said encrypted data,
said data label and said data label fingerprint to
a first user by said owner;

Presenting user label of said first user, said 
data label and said data label fingerprint, and 
requests a secret-key for decrypting said 
encrypted data and a secret-key for re-encrypt- 
ing said data which is decrypted, to said data 
management center by said first user; 

Confirmation of validity of said data label by
said data label fingerprint, registering of said
user label of first user, and transfer of said
secret-key for decrypting encrypted data and
said secret-key for re-encrypting decrypted
data, both of which are encrypted by using the
public-key of said first user, to said first user by
said data management center; and

Decryption of said secret-key for decryption 
and said secret-key for re-encryption by using 
the private-key of said first user, decryption and 
use of the enaypted data using said secret-key 
for deayption, encryption of the decrypted data 
using said secret-key for re-encryption to be so 
stored and copied, and transfer of the 
enaypted data together with said data label, 
said data label fingerprint and said user label of 
first user to tiie next user by said first user. 
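
The data management center's side of the steps in Claim 1, as an added Python sketch that is not part of the patent text. The class and method names, the use of SHA-256 for the data label fingerprint, and the `prior_users` parameter (the user labels that travel with a copy) are assumptions of this example; wrapping each issued key under the recipient's public-key is left out.

```python
import hashlib
import hmac
import secrets


class DataManagementCenter:
    """Center side of Claim 1. It stores labels and keys, never the data."""

    def __init__(self):
        self.owners = {}   # data label -> data owner label
        self.keys = {}     # (data label, generation) -> secret-key
        self.usage = []    # (user label, data label) pairs, in request order

    @staticmethod
    def fingerprint(data_label: bytes) -> bytes:
        # Assumption: the "data label fingerprint" is a SHA-256 digest.
        return hashlib.sha256(data_label).digest()

    def _key(self, data_label: bytes, generation: int) -> bytes:
        slot = (data_label, generation)
        if slot not in self.keys:
            self.keys[slot] = secrets.token_bytes(32)
        return self.keys[slot]

    def request_encryption_key(self, owner_label: str, data_label: bytes):
        """Owner presents owner label and data label; gets key 0 and fingerprint."""
        self.owners[data_label] = owner_label
        return self._key(data_label, 0), self.fingerprint(data_label)

    def request_use_keys(self, user_label, data_label, fp, prior_users=()):
        """User presents user label, data label and fingerprint.

        Returns (decryption key, re-encryption key). prior_users holds the
        user labels that travelled with the copy; its length picks the key.
        """
        # An unkeyed hash can be recomputed by anyone who alters the label,
        # so the label must also match one the center has stored.
        known = data_label in self.owners
        if not (known and hmac.compare_digest(fp, self.fingerprint(data_label))):
            raise PermissionError("data label failed fingerprint check")
        self.usage.append((user_label, data_label))
        n = len(prior_users)
        return self._key(data_label, n), self._key(data_label, n + 1)
```

Each user's re-encryption key is the next user's decryption key, so a stored or copied ciphertext can only be opened through a request that the center records.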



2. Method according to Claim 1, wherein a copyright is
registered by presenting said data owner label and
said data label to said data management center by
said owner of data.

3. Method according to Claim 1, wherein said digital
data is edited by the user, and editing scenario of
said digital data is added to said data label.

4. Method according to Claim 3, wherein a secondary
copyright is registered by presenting the user label
of said user and data label having said editing
scenario of said digital data to said data management
center by said user.

5. Method according to Claim 3 or 4, wherein there is
a plurality of said digital data.

6. Method according to Claim 1, 2, 3, 4, or 5 wherein
digital signature is performed on said data label.

7. Method according to Claim 1, 2, 3, 4, 5, or 6
wherein charging a fee is performed by presenting
the user label of said user and said data label to
said data management center by said user.

8. Method according to Claim 7, wherein the charging
a fee is performed by metering bill payment method
based on use results.

9. Method according to Claim 8, wherein the metering
data based on use results is stored in said data
management center.

10. Method according to Claim 8, wherein the metering
data based on use results is stored in a device of
said user.

11. Method according to Claim 7, wherein the charging
a fee is performed by prepayment method.

12. Method according to Claim 11, wherein the
prepayment data is stored in said data management
center.

13. Method according to Claim 11, wherein the
prepayment data is stored in a device of said user.

14. Method according to Claim 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, or 13, wherein said digital data has
general file structure and only the data body thereof is
at least partially encrypted.

15. Method according to Claim 14, wherein the part of
said data body with encryption is continuously
arranged in said data body.

16. Method according to Claim 14, wherein a plurality
of parts of said data body with encryption is
intermittently arranged in said data body.

17. Method according to Claim 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, or 13, wherein said digital data has
general file structure, and data header and data body
thereof are encrypted.

18. Method according to Claim 17, wherein a part of
said data header and at least part of said data body
are encrypted.

19. Method according to Claim 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, or 13, wherein said digital data has
general file structure and data header thereof only is
encrypted.

20. Method according to Claim 19, wherein at least part
of said data header is encrypted.

21. Method according to Claim 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, or 13, wherein said digital data has
general file structure, and only label is encrypted.

22. Method according to Claim 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, or 13, wherein said digital data has
object-formed file structure, and only method is
encrypted.



23. Method for managing digital data to be transferred
from an owner of data to a user of data via broadcast,
a communication network or data recording
medium, using public-key, private-key, user label
and data label; with the steps:

Linking a data management center and the
owner to a public-key storage, and arranging
on said communication network;

Certifying the public-keys of said owner and
said user and storage of said user label and
said data label by said data management
center; and

Obtaining said digital data and data label from
said communication network by presenting
said user label to use said digital data, which is
not stored in a device of said first user after
using said digital data by a first user.

24. Method according to Claim 23, wherein said digital
data is not stored in the device of said user by
deletion of said digital data.

25. Method according to Claim 23, wherein said digital
data is not stored in the device of said user by
turning said digital data to one-way hash value.

26. Method according to Claim 23, wherein said data
management center is further linked to secret-key
generator, and said digital data is encrypted by
using a secret-key and stored in the device of said
user.

27. Method according to Claim 24, 25 or 26, wherein
said digital data is edited, and edit label is obtained
by adding editing scenario of said digital data to
said data label.

28. Method according to Claim 27, wherein said edit
label is only transferred to next user.

29. Method according to Claim 28, wherein said edit
label is encrypted by using public-key of said next
user, and is transferred to said next user;

said next user decrypts the encrypted edit label
by using private-key of said next user and
presents decrypted said edit label to said data
management center;

said data management center transfers the
digital data based on said edit label to said next
user;

said next user uses and edits said digital data
by editing scenario of said edit label.

30. Method according to Claim 28, wherein said first
user transfers said edit label to said next user;

said next user presents said edit label to said
data management center;

said data management center transfers said
digital data based on said edit label to said next
user;

said next user uses and edits said digital data
by editing scenario of said edit label.

31. Method according to Claim 30, wherein said first
user performs digital signature to said edit label by
using private-key of said first user.

32. Method according to Claim 23, 24, 25, 26, 27, 28,
29, 30 or 31, wherein there are a plurality of said
digital data.



33. Method according to Claim 23, 24, 25, 26, 27, 28,
29, 30, 31 or 32, wherein charging a fee is
performed by presenting said user label and said data
label to said data management center by said user.

34. Method according to Claim 33, wherein the
charging a fee is performed by metering bill payment
method based on use results.

35. Method according to Claim 34, wherein the
metering data based on use results is stored in said data
management center.

36. Method according to Claim 34, wherein the
metering data based on use results is stored in a device
of said user.

37. Method according to Claim 33, wherein the
charging a fee is performed by prepayment method.

38. Method according to Claim 37, wherein the
prepayment data is stored in said data management
center.

39. Method according to Claim 37, wherein the
prepayment data is stored in a device of said user.

40. Method according to Claim 23, 24, 25, 26, 27, 28,
29, 30, 31, 32, 33, 34, 35, 36, 37, 38 or 39, wherein
said digital data has general file structure and data
body thereof only is encrypted.

41. Method according to Claim 40, wherein a part of
said data body is encrypted.

42. Method according to Claim 41, wherein the part of
said data body with encryption is continuously
arranged in said data body.



43. Method according to Claim 41, wherein a plurality
of parts of said data body with encryption is
intermittently arranged in said data body.

44. Method according to Claim 27, 28, 29, 30, 31, 32,
33, 34, 35, 36, 37, 38, 39, 40, 41, 42, or 43, wherein
said digital data has general file structure, and data
header and data body thereof are encrypted.

45. Method according to Claim 44, wherein a part of
said data header and at least part of said data body
are encrypted.

46. Method according to Claim 23, 24, 25, 26, 27, 28,
29, 30, 31, 32, 33, 34, 35, 36, 37, 38 or 39, wherein
said digital data has general file structure and data
header thereof only is encrypted.

47. Method according to Claim 46, wherein at least part
of said data header is encrypted.

48. Method according to Claim 23, 24, 25, 26, 27, 28,
29, 30, 31, 32, 33, 34, 35, 36, 37, 38 or 39, wherein
said digital data has general file structure, and only
label is encrypted.

49. Method according to Claim 48, wherein a part of
said label only is encrypted.

50. Method according to Claim 23, 24, 25, 26, 27, 28,
29, 30 or 31, 31, 32, 33, 34, 35, 36, 37, 38 or 39,
wherein said digital data has object-formed file
structure, and only method is encrypted.

51. Method for electronic commerce between producer
and user via an agency, using secret-key, and
public-key and private-key, with the steps;

linking the agency to a public-key storage and a
secret-key generator and arranging on a
communication network;

Requesting electronic commerce data
from said agency by said user;

Transfer of the request of said electronic
commerce data together with secret-key for encryption,
which is encrypted by using public-key of
said producer, to said producer by the agency;

Decryption of encrypted secret-key for encryption
by using private-key of said producer, and
encryption of said electronic commerce data by
using decrypted secret-key for encryption and
transfer of the encrypted electronic commerce
data to said agency by said producer;

Decryption of said encrypted electronic commerce
data by using said secret-key for encryption,
re-encryption of decrypted electronic
commerce data by using secret-key for
re-encryption, and transfer thereof together with
said secret-key for re-encryption, which is
encrypted by using public-key of said user, to
said user by said agency;

Decryption of encrypted secret-key for
re-encryption by using private-key of said user,
decryption of encrypted electronic commerce
data by using decrypted secret-key for
re-encryption, making of order sheet by entering
order content into decrypted electronic commerce
data, encrypting said order sheet by
using secret-key for re-encryption, and transfer
of encrypted order sheet to said agency by said
user;

Decryption of said encrypted order sheet by
using said secret-key for re-encryption, encryption
of the decrypted order sheet by using
public-key of said producer, and transfer of
encrypted order sheet to said producer by said
agency;

Decryption of the encrypted order sheet by
using private-key of said producer, and accepting
of the order by said producer.

52. Method for electronic commerce according to Claim
51, wherein said electronic commerce data has
general file structure and data body thereof only is
encrypted.

53. Method for electronic commerce according to Claim
52, wherein the part of said data body with
encrypted is continuously arranged in said data
body.

54. Method for electronic commerce according to Claim
52, wherein a plurality of parts of said data body
with encryption is intermittently arranged in said
data body.

55. Method for electronic commerce according to Claim
51, wherein said electronic commerce data has
general file structure, and at least part of the data
header and at least part of the data body thereof
are encrypted.

56. Method for electronic commerce according to Claim
51, wherein said electronic commerce data has
general file structure and only at least part of
the data header thereof is encrypted.

57. Method for electronic commerce according to Claim
51, wherein said electronic commerce data has
general file structure and only at least part of said
label is encrypted.

58. Method for electronic commerce according to Claim
51, wherein said electronic commerce data has
object-formed file structure and method is
encrypted.

[Drawings: Fig. 1A, Fig. 1D, Figs. 4A to 4G (file structure diagrams
with blocks labelled HEADER and DATA), Fig. 5A, Fig. 7, Fig. 9, Fig. 10]

EP 0 833 241 A2